From owner-freebsd-hackers  Thu Sep  9  6:16:16 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3A73B15133; Thu,  9 Sep 1999 06:15:55 -0700 (PDT)
	(envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
	by cheops.anu.edu.au (8.9.1/8.9.1) id XAA05192;
	Thu, 9 Sep 1999 23:15:43 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <199909091315.XAA05192@cheops.anu.edu.au>
Subject: Re: mbuf shortage situations
To: stas@sonet.crimea.ua (Stas Kisel)
Date: Thu, 9 Sep 1999 23:15:43 +1000 (EST)
Cc: avalon@coombs.anu.edu.au, stas@sonet.crimea.ua,
	freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To: <199909090945.NAA18133@sonet.crimea.ua> from "Stas Kisel" at Sep 9, 99 01:45:39 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In some mail from Stas Kisel, sie said:
> 
> > From: Darren Reed <avalon@coombs.anu.edu.au>
> 
> > The problem with this is the BSD TCP/IP implementation ACK's (or at least
> > attempts to ACK) data as soon as it is received and it is a big no-no to
> > discard queued data that has already been ACK'd.
> 
> Probably it is not self-evident why we HAVE to drop this connection.
> 
> It is evil connection. Good applications do read data from their sockets,
> and evil ones do not. And ever if it is good, but silly or busy
> application, good clients do not send so much data that application
> can not process it. Am I wrong, there are any examples?

So what if someone manages to crash a program due to a DOS attack ?
An easy one that comes to mind is syslogd.  It's often stuck in disk-wait
and can easily be targetted with a large number of packets.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message