Date: Sat, 20 Apr 2013 14:52:30 -0300
From: Marcelo Gondim <gondim@bsdinfo.com.br>
To: Adrian Chadd <adrian@freebsd.org>
Cc: freebsd-stable@freebsd.org
Subject: Re: Possible DoS in mpd 5.6 pppoe server
Message-ID: <5172D5DE.2060109@bsdinfo.com.br>
In-Reply-To: <CAJ-Vmomvy77_zvbTDfdz=d1KZ8y_M=K8wXJtmf=2kYAX8MExKA@mail.gmail.com>
References: <5172965A.9080600@bsdinfo.com.br> <CAJ-Vmomvy77_zvbTDfdz=d1KZ8y_M=K8wXJtmf=2kYAX8MExKA@mail.gmail.com>

Hi,

My ipfw rules, pf rules and dummynet:

fw="/sbin/ipfw"
ext_if="igb0"

$fw disable one_pass
$fw -f flush
$fw zero
$fw table all flush
$fw -f pipe flush

ssh_port="4321"

$fw add allow all from any to any via lo0
$fw add deny all from 127.0.0.0/8 to any
$fw add deny all from any to 127.0.0.0/8

$fw add check-state

# 1024kbps speed
$fw add pipe 1 ip from "table(10)" to any in via ng*
$fw add pipe 2 ip from any to "table(10)" out via ng*
$fw pipe 1 config bw 1024Kbit/s queue 128 mask src-ip 255.255.255.255
$fw pipe 2 config bw 1024Kbit/s queue 128 mask dst-ip 255.255.255.255

# 2048kbps speed
$fw add pipe 3 ip from "table(11)" to any in via ng*
$fw add pipe 4 ip from any to "table(11)" out via ng*
$fw pipe 3 config bw 2048Kbit/s queue 256 mask src-ip 255.255.255.255
$fw pipe 4 config bw 2048Kbit/s queue 256 mask dst-ip 255.255.255.255

# 10240kbps speed
$fw add pipe 5 ip from "table(12)" to any in via ng*
$fw add pipe 6 ip from any to "table(12)" out via ng*
$fw pipe 5 config bw 10240Kbit/s queue 1280 mask src-ip 255.255.255.255
$fw pipe 6 config bw 10240Kbit/s queue 1280 mask dst-ip 255.255.255.255

# 64kbps speed
$fw add pipe 7 ip from "table(13)" to any in via ng*
$fw add pipe 8 ip from any to "table(13)" out via ng*
$fw pipe 7 config bw 64Kbit/s queue 8 mask src-ip 255.255.255.255
$fw pipe 8 config bw 64Kbit/s queue 8 mask dst-ip 255.255.255.255

$fw add allow icmp from any to any icmptypes 0,3,8,11,12
$fw add deny icmp from any to any

PF Rules:
=======
ext_if = "igb0"
table <masq> persist { 10.0.0.0/8 }
set skip on lo0
set limit states 40000
nat on $ext_if from <masq> to any -> 192.168.8.34

On 20/04/13 11:48, Adrian Chadd wrote:
> Can you provide more information about the configuration of mpd and ppp?
>
> the panic is in the dummynet code; can you provide information about
> your ipfw/dummynet setup?
>
> Thanks,
>
>
>
> adrian
>
>
> On 20 April 2013 06:21, Marcelo Gondim <gondim@bsdinfo.com.br> wrote:
>> Hi all,
>>
>> I'm doing tests with mpd as pppoe server. Tried to simulate an attack of 1000
>> connections using an incorrect login and after a certain time can cause a
>> kernel panic in the system. Below the panic generated:
>>
>> http://pastebin.com/nUXGVR3y
>>
>> Other equipment I do:
>>
>> # for (( i=0; i < 1000; i++ )); do ppp -ddial intnet ; done
>>
>> My System:
>>
>> Intel Motherboard Server S5500BC with Dual Processor Xeon(R) CPU E5606 @
>> 2.13GHz
>> 8Gb ram
>>
>> I do not understand programming in C or Assembly. But could someone tell me
>> if what happened was a system problem or hardware?
>>
>> Best regards,
>>
>> Gondim
>>
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"