Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 Apr 2013 13:44:56 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Marcelo Gondim <gondim@bsdinfo.com.br>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Possible DoS in mpd 5.6 pppoe server
Message-ID:  <20130422094456.GB76816@FreeBSD.org>
In-Reply-To: <5172CFB2.3010708@bsdinfo.com.br>
References:  <5172965A.9080600@bsdinfo.com.br> <5172BDDD.4010509@rdtc.ru> <5172CFB2.3010708@bsdinfo.com.br>

next in thread | previous in thread | raw e-mail | index | archive | help
  Marcelo,

On Sat, Apr 20, 2013 at 02:26:10PM -0300, Marcelo Gondim wrote:
M> >> I'm doing tests with mpdas pppoeserver. Tried to simulate an attack of
M> >> 1000 connections using an incorrect login and after a certain time can
M> >> cause a kernel panic in the system. Below the panicgenerated:
M> >>
M> >> http://pastebin.com/nUXGVR3y
M> > You seem to use dummynet and the problem is not in mpd/pppoe code,
M> > it's it the dummynet code. Look at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/162558
M> > for workarounds.
M> Ok  :)  I will try this:
M> 
M> - net.isr.bindthreads=1 in /boot/loader.conf;
M> - net.isr.direct=1 and net.isr.direct_force=1 in /etc/sysctl.conf

Be advised, that these settings do not fix the problem with dummynet, they
just make the race less probable to happen.

-- 
Totus tuus, Glebius.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130422094456.GB76816>