Date: Fri, 18 Feb 2000 09:28:09 -0700
From: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To: Mark Murray <mark@grondar.za>
Cc: Peter Wemm <peter@netplex.com.au>, current@FreeBSD.ORG, committers@FreeBSD.ORG
Subject: Re: Crypto progress! (And a Biiiig TODO list)
Message-ID: <200002181628.e1IGS9P48266@orthanc.ab.ca>
In-Reply-To: Your message of "Fri, 18 Feb 2000 09:43:03 +0200." <200002180743.JAA26529@gratis.grondar.za>
>>>>> "Mark" == Mark Murray <mark@grondar.za> writes:
    Mark> o A username may only be checked $number times per
    Mark> $timeperiod; after that, _all_ answers are silently
    Mark> converted to "no".
Umm, massive DOS hole.
    Mark> o Daemon may only be invoked $number times per $timeperiod;
    Mark> refuses to fork after that.
Another massive DOS hole.
    Mark> o Daemon will delay $timeperiod before returning answer.
This is the correct way to deal with (perceived) attacks.
    Mark> ... etc. There are possibilities for DoS attacks, but the
    Mark> daemon talks only to a Unix Domain Socket, so finding the
    Mark> perp is easy.
Not if the daemon has shut itself off due to load (#1 or #2 above) and you
aren't currently logged in to the box. 
--lyndon
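The three throttling policies argued over above, as an added simulation that is not part of the thread and not FreeBSD code. It models a password-check daemon with a constructed in-memory credential store and three interchangeable policies (per-username lockout, global invocation cap, fixed delay); the class and function names are assumptions. An outside party sends a burst of wrong guesses for one account, and then the real owner of that account logs in: under the first two policies the owner is denied, under the delay policy the owner gets the right answer, just later.

```python
from collections import deque

# Constructed demo credential store. A real daemon compares password hashes,
# never plaintext; this is only to make the policy behaviour observable.
USERS = {"alice": "correct horse", "bob": "battery staple"}


class PerUserLockout:
    """Policy 1 from the thread: after `limit` checks of a username inside a
    `window` of seconds, every answer for that username is silently 'no'."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.history = {}  # username -> deque of check timestamps

    def check(self, user, password, now):
        q = self.history.setdefault(user, deque())
        while q and now - q[0] > self.window:
            q.popleft()
        q.append(now)
        if len(q) > self.limit:
            return False  # silently 'no', even when the password is right
        return USERS.get(user) == password


class GlobalThrottle:
    """Policy 2: the daemon refuses to serve at all after `limit`
    invocations inside a `window` of seconds, regardless of username."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.calls = deque()

    def check(self, user, password, now):
        while self.calls and now - self.calls[0] > self.window:
            self.calls.popleft()
        self.calls.append(now)
        if len(self.calls) > self.limit:
            return None  # 'refuses to fork': no answer for anyone
        return USERS.get(user) == password


class DelayedAnswer:
    """Policy 3: always answer truthfully, but only after `delay` seconds.
    Returns (answer, delay) instead of sleeping so the simulation is instant."""

    def __init__(self, delay):
        self.delay = delay

    def check(self, user, password, now):
        return USERS.get(user) == password, self.delay


def attack_then_login(policy, guesses=20):
    """A burst of `guesses` wrong passwords for alice within two seconds,
    followed by alice herself logging in correctly. Returns her answer."""
    for i in range(guesses):
        policy.check("alice", f"wrong-{i}", now=0.1 * i)
    return policy.check("alice", USERS["alice"], now=3.0)


def guessing_cost_seconds(policy, guesses):
    """Wall-clock time the guessing burst costs its sender under a delay
    policy: every answer, right or wrong, waits the same fixed delay."""
    total = 0.0
    for i in range(guesses):
        _, delay = policy.check("alice", f"wrong-{i}", now=0.1 * i)
        total += delay
    return total


if __name__ == "__main__":
    print("per-user lockout, owner's answer:", attack_then_login(PerUserLockout(limit=5, window=60)))
    print("global throttle, owner's answer: ", attack_then_login(GlobalThrottle(limit=5, window=60)))
    print("fixed delay, owner's answer:     ", attack_then_login(DelayedAnswer(delay=2.0)))
    print("fixed delay, seconds spent on 20 guesses:", guessing_cost_seconds(DelayedAnswer(delay=2.0), 20))
```

The first two policies turn a counter that anyone can increment from outside into a denial of service against the account owner (or against every user, in the global case), and, as the reply notes, the daemon's own cut-off hides the evidence you would want to look at. The delay policy keeps every answer correct and makes each guess cost the sender a fixed amount of time, which is what slows an online guessing attempt without handing an outsider a way to lock the real user out.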