Date: Fri, 26 Jul 2002 15:57:45 +0400
From: Yar Tikhiy <yar@freebsd.org>
To: net@freebsd.org
Subject: ftpd(8) DoS: SIZE in ASCII mode
Message-ID: <20020726155745.B2089@comp.chem.msu.su>

Hi everybody,

It was recently pointed out to me by Maxim Konovalov that our stock ftpd(8) allowed an easy DoS attack against a server running it by issuing numerous "SIZE" commands on huge files when in ASCII mode. In this case, ftpd(8) has to read a whole file instead of just issuing a single stat(2) syscall, thus eating up the server's disk bandwidth.

The obvious solution is to disable the "SIZE" command when in ASCII mode. So I'd like to ask the community whether anyone thinks there must be an option to enable it back. Personally, I feel the command must be disabled completely (for ASCII mode, of course) since I see no good use for it at all.

--
Yar