From owner-cvs-all Wed Aug 26 14:05:29 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA18478 for cvs-all-outgoing; Wed, 26 Aug 1998 14:05:29 -0700 (PDT) (envelope-from owner-cvs-all) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA18423; Wed, 26 Aug 1998 14:05:07 -0700 (PDT) (envelope-from dillon@FreeBSD.org) From: Matt Dillon Received: (from dillon@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id OAA06943; Wed, 26 Aug 1998 14:05:01 -0700 (PDT) Date: Wed, 26 Aug 1998 14:05:01 -0700 (PDT) Message-Id: <199808262105.OAA06943@freefall.freebsd.org> To: Brian Somers Cc: Eivind Eklund , cvs-committers@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/ping ping.8 ping.c Sender: owner-cvs-all@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk :[.....] : :I agree. It's pointless anyway, as a user can : : while :; do ping blah; done : :> Eivind. It's moot, but I would like to say that it isn't *quite* pointless. We have had good success making machines near-uncrashable, even with users (i.e. stolen password IRC hackers) trying to crash one. While it isn't fullproof, I've found that limiting the number of processes a user can run to 32 or so solves many of the DOS-from-user-account issues. Memory starvation attacks are still a big issue, but the list can be pared down considerably. -Matt :-- :Brian , , : :Don't _EVER_ lose your sense of humour.... : :