From owner-cvs-etc Mon Oct 27 09:44:28 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA08840 for cvs-etc-outgoing; Mon, 27 Oct 1997 09:44:28 -0800 (PST) (envelope-from owner-cvs-etc) Received: from ns.mt.sri.com (SRI-56K-FR.mt.net [206.127.65.42]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA08712; Mon, 27 Oct 1997 09:43:17 -0800 (PST) (envelope-from nate@rocky.mt.sri.com) Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.7/8.8.7) with ESMTP id KAA14484; Mon, 27 Oct 1997 10:43:07 -0700 (MST) Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id KAA00685; Mon, 27 Oct 1997 10:43:05 -0700 (MST) Date: Mon, 27 Oct 1997 10:43:05 -0700 (MST) Message-Id: <199710271743.KAA00685@rocky.mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Tom Cc: Nate Williams , "Andrey A. Chernov" , cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-etc@freebsd.org Subject: Fingerd problems (was Re: cvs commit: src/etc master.passwd) In-Reply-To: References: <199710271718.KAA00563@rocky.mt.sri.com> X-Mailer: VM 6.29 under 19.15 XEmacs Lucid Sender: owner-cvs-etc@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > A problem with fingerd is that is does fuzzy lookups by default. If > /etc/master.passwd is large, it will use a significant amount of CPU. > Starting up 30-40 fingerds makes an easy and effective DoS attack. If this is a problem, disable fingerd. If that's not feasible, then I think your other solution is really the only other solution (limiting the # of fingerd's that should run.) Nate