From owner-freebsd-isp Tue Mar 24 16:03:49 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA24567 for freebsd-isp-outgoing; Tue, 24 Mar 1998 16:03:49 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from firewall.scitec.com.au (firewall-user@fgate.scitec.com.au [203.17.180.68]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA24480 for ; Tue, 24 Mar 1998 16:03:43 -0800 (PST) (envelope-from john.saunders@scitec.com.au)
Received: by firewall.scitec.com.au; id KAA29916; Wed, 25 Mar 1998 10:03:39 +1000 (EST)
Received: from mailhub.scitec.com.au(203.17.180.131) by fgate.scitec.com.au via smap (3.2) id xma029910; Wed, 25 Mar 98 10:03:36 +1000
Received: from hydra.scitec.com.au (hydra.scitec.com.au [203.17.182.101]) by mailhub.scitec.com.au (8.6.12/8.6.9) with ESMTP id KAA14772 for ; Wed, 25 Mar 1998 10:03:34 +1000
Received: from scitec.com.au (saruman.scitec.com.au) by hydra.scitec.com.au with ESMTP (1.40.112.8/16.2) id AA243034213; Wed, 25 Mar 1998 11:03:33 +1100
Message-Id: <351849D6.89C7C14@scitec.com.au>
Date: Wed, 25 Mar 1998 11:03:34 +1100
From: John Saunders
Organization: SCITEC LIMITED
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
Mime-Version: 1.0
To: freebsd-isp@FreeBSD.ORG
Subject: Attack for wuftpd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I was just attacked by somebody issuing a

    LIST /*/../*/../*/../*/.../*

command which caused ftpd to use up all CPU on the server
and thrash the disk. I have a limit on anonymous ftps so
they could only get several of these going.

Has anybody heard about this, or better yet know of a patch
to fix it?

Cheers.
-- 
+------------------------------------------------------------+        .
| John Saunders  mailto:John.Saunders@scitec.com.au (Work)   |    ,--_|\
|                mailto:john@nlc.net.au (Home)               |   /  Oz  \
|                http://www.nlc.net.au/~john/                |   \_,--\_/
| SCITEC LIMITED Phone +61 2 9428 9563 Fax +61 2 9428 9933   |         v
| "By the time you make ends meet, they move the ends."      |
+------------------------------------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
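
A defender's check for the request pattern reported above, as an added example that is not part of the original message or of wu-ftpd: it flags directory-listing commands whose argument repeats a wildcard component followed by `..`, since each repetition can multiply the number of paths the server's glob expansion has to visit. The log format (client address, then the raw FTP command), the thresholds and the function names are assumptions for illustration, and the sample lines are constructed.

```python
import re
from collections import Counter

# Thresholds are assumptions for illustration; tune them to your own traffic.
MAX_WILDCARD_COMPONENTS = 3   # path components containing a glob metacharacter
MAX_CLIMB_BACK_PAIRS = 1      # "<wildcard>/.." pairs tolerated in one argument

GLOB_CHARS = re.compile(r"[*?\[{]")
LISTING_CMD = re.compile(r"^(LIST|NLST|STAT)\b\s*(.*)$", re.IGNORECASE)

def glob_cost(arg):
    """Return (wildcard components, '..' components, wildcard-then-'..' pairs)."""
    parts = [p for p in arg.split("/") if p]
    wild = sum(1 for p in parts if GLOB_CHARS.search(p))
    parents = sum(1 for p in parts if p == "..")
    pairs = sum(1 for a, b in zip(parts, parts[1:])
                if GLOB_CHARS.search(a) and b == "..")
    return wild, parents, pairs

def is_suspicious(command_line):
    """True when a listing command's argument looks like glob amplification."""
    m = LISTING_CMD.match(command_line.strip())
    if not m:
        return False          # only commands that trigger glob expansion matter
    wild, _parents, pairs = glob_cost(m.group(2))
    return wild > MAX_WILDCARD_COMPONENTS or pairs > MAX_CLIMB_BACK_PAIRS

def flag_clients(log_lines):
    """Count suspicious listing commands per client in '<client> <command>' lines."""
    hits = Counter()
    for line in log_lines:
        fields = line.split(None, 1)
        if len(fields) == 2 and is_suspicious(fields[1]):
            hits[fields[0]] += 1
    return dict(hits)

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 LIST /pub/*.tar.gz
198.51.100.7 LIST /*/../*/../*/../*/.../*
198.51.100.7 NLST /*/../*/../*
192.0.2.10 RETR /pub/README
192.0.2.44 LIST /pub/FreeBSD/*/README
"""

if __name__ == "__main__":
    for client, count in flag_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {count} suspicious listing command(s)")
```

The same predicate can sit in front of the daemon as a request filter, or feed a per-client rate limit alongside the anonymous-session cap the message mentions.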