From: Marcelo Gondim
Date: Sat, 20 Apr 2013 14:52:30 -0300
To: Adrian Chadd
Cc: freebsd-stable@freebsd.org
Subject: Re: Possible DoS in mpd 5.6 pppoe server

Hi,

My ipfw rules, pf rules and dummynet:

fw="/sbin/ipfw"
ext_if="igb0"

$fw disable one_pass
$fw -f flush
$fw zero
$fw table all flush
$fw -f pipe flush

ssh_port="4321"
$fw add allow all from any to any via lo0
$fw add deny all from 127.0.0.0/8 to any
$fw add deny all from any to 127.0.0.0/8

$fw add check-state

# speed of 1024kbps
$fw add pipe 1 ip from "table(10)" to any in via ng*
$fw add pipe 2 ip from any to "table(10)" out via ng*
$fw pipe 1 config bw 1024Kbit/s queue 128 mask src-ip 255.255.255.255
$fw pipe 2 config bw 1024Kbit/s queue 128 mask dst-ip 255.255.255.255

# speed of 2048kbps
$fw add pipe 3 ip from "table(11)" to any in via ng*
$fw add pipe 4 ip from any to "table(11)" out via ng*
$fw pipe 3 config bw 2048Kbit/s queue 256 mask src-ip 255.255.255.255
$fw pipe 4 config bw 2048Kbit/s queue 256 mask dst-ip 255.255.255.255

# speed of 10240kbps
$fw add pipe 5 ip from "table(12)" to any in via ng*
$fw add pipe 6 ip from any to "table(12)" out via ng*
$fw pipe 5 config bw 10240Kbit/s queue 1280 mask src-ip 255.255.255.255
$fw pipe 6 config bw 10240Kbit/s queue 1280 mask dst-ip 255.255.255.255

# speed of 64kbps
$fw add pipe 7 ip from "table(13)" to any in via ng*
$fw add pipe 8 ip from any to "table(13)" out via ng*
$fw pipe 7 config bw 64Kbit/s queue 8 mask src-ip 255.255.255.255
$fw pipe 8 config bw 64Kbit/s queue 8 mask dst-ip 255.255.255.255

$fw add allow icmp from any to any icmptypes 0,3,8,11,12
$fw add deny icmp from any to any

PF Rules:
=======
ext_if = "igb0"
table persist { 10.0.0.0/8 }
set skip on lo0
set limit states 40000
nat on $ext_if from to any -> 192.168.8.34

On 20/04/13 11:48, Adrian Chadd wrote:
> Can you provide more information about the configuration of mpd and ppp?
>
> the panic is in the dummynet code; can you provide information about
> your ipfw/dummynet setup?
>
> Thanks,
>
>
>
> adrian
>
>
> On 20 April 2013 06:21, Marcelo Gondim wrote:
>> Hi all,
>>
>> I'm doing tests with mpd as pppoe server. Tried to simulate an attack of 1000
>> connections using an incorrect login and after a certain time can cause a
>> kernel panic in the system.
>> Below the panic generated:
>>
>> http://pastebin.com/nUXGVR3y
>>
>> Other equipment I do:
>>
>> # for (( i=0; i < 1000; i++ )); do ppp -ddial intnet ; done
>>
>> My System:
>>
>> Intel Motherboard Server S5500BC with Dual Processor Xeon(R) CPU E5606 @
>> 2.13GHz
>> 8Gb ram
>>
>> I do not understand programming in C or Assembly. But could someone tell me
>> if what happened was a system problem or hardware?
>>
>> Best regards,
>>
>> Gondim