[14818] in bugtraq
Re: netkill - generic remote DoS attack
daemon@ATHENA.MIT.EDU (Brian Fundakowski Feldman)
Sat May 6 20:55:20 2000
Message-Id: <Pine.BSF.4.21.0005032033010.60767-100000@green.dyndns.org>
Date: Wed, 3 May 2000 20:39:03 -0400
Reply-To: Brian Fundakowski Feldman <green@FREEBSD.ORG>
From: Brian Fundakowski Feldman <green@FREEBSD.ORG>
X-To: stanislav shalunov <shalunov@att.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200005032129.RAA63519@tuzik.lz.att.com>

On Wed, 3 May 2000, stanislav shalunov wrote:

> > You didn't test it against FreeBSD 4.0 or 5.0 did you?
>
> The document was written (and provided to FreeBSD team as well as
> others) in February, and I used 3.x. I know that 4.0 has changed
> behavior to partially fix netkill, but since I didn't want to gather
> updates from other vendors I didn't mention status update for FreeBSD.

The code to prevent the machine from just giving up and panicking in an
mbuf starvation situation has been around a long time now. The behavior
in 4.0 wasn't to "partially fix netkill"; it was to make the system
resilient to any mbuf-starvation attacks.

green 1999/12/11 21:52:51 PST

  Modified files:
    sys/conf  param.c
    sys/kern  uipc_mbuf.c uipc_socket.c uipc_syscalls.c
    sys/sys   mbuf.h
  Log:
  This is Bosko Milekic's mbuf allocation waiting code. Basically, this
  means that running out of mbuf space isn't a panic anymore, and code
  which runs out of network memory will sleep to wait for it.

  Submitted by: Bosko Milekic <bmilekic@dsuper.net>
  Reviewed by: green, wollman

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
green@FreeBSD.org `------------------------------'
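
The contrast the commit log above draws, failing hard when the buffer pool is empty versus putting the requester to sleep until a buffer is freed, as an added example that is not part of the original message and is not FreeBSD code. Every name and size here is hypothetical, and "sleeping" is modeled single-threaded as parking the requester id in a FIFO that the free path drains.

```c
#include <stdio.h>

#define POOL_SIZE   4   /* constructed: tiny pool so exhaustion is easy to reach */
#define MAX_WAITERS 8   /* constructed bound on parked requesters */

struct pool {
    int free_count;            /* buffers available right now */
    int waiters[MAX_WAITERS];  /* FIFO ring of sleeping requester ids */
    int head, nwait;
};

static void pool_init(struct pool *p) { p->free_count = POOL_SIZE; p->head = p->nwait = 0; }

/* Wait-on-exhaustion: 1 = got a buffer, 0 = parked until a free, -1 = wait queue full. */
static int alloc_or_wait(struct pool *p, int id)
{
    if (p->free_count > 0) { p->free_count--; return 1; }
    if (p->nwait == MAX_WAITERS) return -1;
    p->waiters[(p->head + p->nwait++) % MAX_WAITERS] = id;
    return 0;
}

/* A freed buffer goes straight to the oldest sleeper; returns its id, or -1 if nobody waits. */
static int pool_free(struct pool *p)
{
    if (p->nwait == 0) { p->free_count++; return -1; }
    int id = p->waiters[p->head];
    p->head = (p->head + 1) % MAX_WAITERS;
    p->nwait--;
    return id;
}

/* Fail-hard model: index of the first request in a burst that finds the pool
   empty (where a give-up-on-exhaustion design stops), or -1 if the burst fits. */
int first_fatal_request(int burst)
{
    struct pool p; pool_init(&p);
    for (int i = 0; i < burst; i++) { if (p.free_count == 0) return i; p.free_count--; }
    return -1;
}

/* Waiting model: requesters still asleep after `burst` requests and `released` frees. */
int still_waiting(int burst, int released)
{
    struct pool p; pool_init(&p);
    for (int i = 0; i < burst; i++) alloc_or_wait(&p, i);
    for (int i = 0; i < released; i++) pool_free(&p);
    return p.nwait;
}

int main(void)
{
    printf("fail-hard: request #%d is fatal\n", first_fatal_request(6));
    printf("waiting: %d asleep, %d after two frees\n", still_waiting(6, 0), still_waiting(6, 2));
    return 0;
}
```

In this model a burst larger than the pool leaves requesters parked rather than ending the run, and they resume only as buffers are released.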