Message-Id: <199807100524.WAA05713@antipodes.cdrom.com>
To: sthaug@nethelp.no
cc: freebsd-current@FreeBSD.ORG
Subject: Re: Rate limit for system calls to prevent denial of service attacks?
In-reply-to: Your message of "Wed, 08 Jul 1998 10:33:28 +0200." <22965.899886808@verdi.nethelp.no>
Date: Thu, 09 Jul 1998 22:24:37 -0700
From: Mike Smith

> The following small program:
>
>     main(){while(1) fork();}
>
> is a very effective denial of service attack against FreeBSD-2.2.6,
> despite reasonable defaults in login.conf. The problem is *not* the
> number of processes, but the system call rate. It's actually kind of
> amazing to follow this with vmstat, and see that the box is suddenly
> doing 395000 system calls per second :-) (this is a P-166).

8)

> Limiting CPU time per process or user is probably not sufficient,
> unless you set it to absurdly small limits. It looks to me like we
> need some sort of *rate limiting* for system calls. Anybody looked
> at this?

There was an interesting paper presented at Usenix this year on system QoS (as opposed to network QoS).
You should try chasing the proceedings, as I'm certain that one of the platforms it was developed on was FreeBSD. Needless to say, a module like this would be *very* desirable.

-- 
\\ Sometimes you're ahead,                \\ Mike Smith
\\ sometimes you're behind.               \\ mike@smith.net.au
\\ The race is long, and in the           \\ msmith@freebsd.org
\\ end it's only with yourself.           \\ msmith@cdrom.com
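The symptom the original poster watched in vmstat (a system-call rate jumping to hundreds of thousands per second while process limits stay within bounds) is something a monitor can flag. The script below is an added example, not code from the thread or from FreeBSD; it parses constructed `vmstat 1` output and reports samples whose faults-group "sy" column exceeds a threshold, taking care to pick the system-call column rather than the cpu-group column of the same name.

```python
"""Flag vmstat samples whose system-call rate ("sy" in the faults group)
exceeds a threshold, the symptom described in the thread (395000 calls/s)."""

# Constructed FreeBSD-style `vmstat 1` output; the figures are made up
# to illustrate a fork-bomb spike, not captured from a real system.
SAMPLE_VMSTAT = """\
 procs      memory      page                    disks     faults      cpu
 r b w     avm    fre  flt  re  pi  po  fr  sr ad0 cd0   in   sy   cs us sy id
 1 0 0   20000   5000   10   0   0   0   5   0   0   0  100  210  150  2  1 97
 1 0 0   20000   5000   12   0   0   0   6   0   0   0  101  198  160  3  1 96
 8 0 0   20000   4100 1200   0   0   0  90   0   0   0  105 395000 9000  5 95  0
 9 0 0   20000   3900 1300   0   0   0  95   0   0   0  104 388000 9100  4 96  0
"""


def syscall_column(header_cols):
    """Return the index of the faults-group 'sy' column.  vmstat prints two
    columns called 'sy' (system calls under 'faults', system CPU time under
    'cpu'); the system-call one is the 'sy' immediately followed by 'cs'."""
    for i in range(len(header_cols) - 1):
        if header_cols[i] == "sy" and header_cols[i + 1] == "cs":
            return i
    raise ValueError("no faults-group 'sy' column found")


def find_syscall_spikes(vmstat_text, threshold):
    """Parse vmstat output; return [(sample_no, syscalls_per_sec)] for every
    sample whose system-call rate is above threshold."""
    lines = [ln for ln in vmstat_text.splitlines() if ln.strip()]
    # First line is the group banner, second is the per-column header.
    col_idx = syscall_column(lines[1].split())
    spikes = []
    for n, line in enumerate(lines[2:], start=1):
        fields = line.split()
        rate = int(fields[col_idx])
        if rate > threshold:
            spikes.append((n, rate))
    return spikes


if __name__ == "__main__":
    # Threshold is an assumed value; tune it to the host's normal baseline.
    for sample, rate in find_syscall_spikes(SAMPLE_VMSTAT, threshold=50000):
        print(f"sample {sample}: {rate} syscalls/s exceeds threshold")
```

On a live host, feed it `vmstat 1` output line by line and page on the first spike; the process count alone would not have tripped login.conf limits in the case discussed above.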