Date: Mon, 22 Apr 2013 13:44:56 +0400 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Marcelo Gondim <gondim@bsdinfo.com.br> Cc: freebsd-stable@freebsd.org Subject: Re: Possible DoS in mpd 5.6 pppoe server Message-ID: <20130422094456.GB76816@FreeBSD.org> In-Reply-To: <5172CFB2.3010708@bsdinfo.com.br> References: <5172965A.9080600@bsdinfo.com.br> <5172BDDD.4010509@rdtc.ru> <5172CFB2.3010708@bsdinfo.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Marcelo, On Sat, Apr 20, 2013 at 02:26:10PM -0300, Marcelo Gondim wrote: M> >> I'm doing tests with mpdas pppoeserver. Tried to simulate an attack of M> >> 1000 connections using an incorrect login and after a certain time can M> >> cause a kernel panic in the system. Below the panicgenerated: M> >> M> >> http://pastebin.com/nUXGVR3y M> > You seem to use dummynet and the problem is not in mpd/pppoe code, M> > it's it the dummynet code. Look at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/162558 M> > for workarounds. M> Ok :) I will try this: M> M> - net.isr.bindthreads=1 in /boot/loader.conf; M> - net.isr.direct=1 and net.isr.direct_force=1 in /etc/sysctl.conf Be advised, that these settings do not fix the problem with dummynet, they just make the race less probable to happen. -- Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130422094456.GB76816>