[7779] in bugtraq
Re: News DoS using sendsys
daemon@ATHENA.MIT.EDU (Russ Allbery)
Thu Aug 27 18:44:27 1998
Date: Thu, 27 Aug 1998 15:11:54 -0700
Reply-To: Russ Allbery <rra@STANFORD.EDU>
From: Russ Allbery <rra@STANFORD.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: "Marco Davids"'s message of "Thu, 27 Aug 1998 18:37:50 +0100"

Marco Davids <mdavids@casema.net> writes:
> Russ suggested:
>> sendsys:*:*:drop
> I wonder, what's wrong with sendsys:*.*:log=sendsys ?
> (and logging all, like version, the others as well)

Because in order for INN to log something, it tries to lock the logfile,
and to lock the logfile it has to spawn a separate shlock process and then
clean up the lock afterwards, and INN's locking is known not to be that
robust (at least currently) under high loads. Not to mention that it's
CPU- and process-intensive.

Since the original poster was worrying about a DoS attack on his news
server, the above has a lot less impact than trying to log the posts. If
one really wants a log of incoming sendsys messages, under INN you can
just create control.sendsys and they'll show up there as regular news
articles (and you can set whatever expire you want, etc.).

--
Russ Allbery (rra@stanford.edu) <URL:http://www.eyrie.org/~eagle/>
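
Added example (not part of the original message, and not INN code): a small auditor for control.ctl text that resolves the effective action for sendsys, version and senduuname, flagging anything other than drop and any line that lacks four fields, like the three-field form quoted above. The sample file, the REPLY_TYPES list, the sender address and the use of fnmatch in place of INN's wildmat matching are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample control.ctl content (not from a real server).
SAMPLE = """\
# type:from:newsgroups:action
all:*:*:mail
sendsys:*:*:log=sendsys
version:*:*:log=version
sendsys:*:*:drop
senduuname:*.*:log=senduuname
"""

# Control message types audited here (an assumption of this example).
REPLY_TYPES = ("sendsys", "version", "senduuname")


def parse(text):
    """Return (rules, malformed); a rule is (type, from, newsgroups, action)."""
    rules, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)
        if len(fields) != 4:
            # Reported only; how innd treats such a line is not assumed here.
            malformed.append((lineno, line))
            continue
        rules.append(tuple(fields))
    return rules, malformed


def effective_action(rules, msg_type, sender):
    """The last matching line wins, as in control.ctl."""
    action = None
    for rtype, rfrom, _groups, raction in rules:
        # fnmatch stands in for INN's wildmat (assumption).
        if rtype in ("all", msg_type) and fnmatchcase(sender, rfrom):
            action = raction
    return action


def audit(text, sender="someone@example.invalid"):
    """Map each audited type to (effective action, True if it is 'drop')."""
    rules, malformed = parse(text)
    findings = {}
    for msg_type in REPLY_TYPES:
        action = effective_action(rules, msg_type, sender)
        findings[msg_type] = (action, action == "drop")
    return findings, malformed
```
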