[9747] in bugtraq
Re: Process table attack (from RISKS Digest)
daemon@ATHENA.MIT.EDU (Olle Segerdahl,D)
Tue Feb 23 12:27:28 1999
Date: Mon, 22 Feb 1999 18:33:34 +0100
Reply-To: olle@vattenfall.se
From: "Olle Segerdahl,D" <olle@VATTENFALL.SE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990220134253.A14210@muscat.UCSC.EDU>
On Sat, 20 Feb 1999, Mark Boolootian wrote:
> The Process Table Attack is a [relatively] new kind of denial-of-service
> attack that can be waged against numerous network services on a variety of
> different UNIX systems. The attack is launched against network services
> which fork() or otherwise allocate a new process for each incoming TCP/IP
> connection. Although the standard UNIX operating system places limits on
> the number of processes that any one user may launch, there are no limits on
> the number of processes that the superuser can create other than the hard
> limits imposed by the operating system. Since incoming TCP/IP connections
> are usually handled by servers that run as root, it is possible to
> completely fill a target machine's process table with multiple
> instantiations of network servers. Properly executed, this attack prevents
> any other command from being executed on the target machine.
How is this DoS different from the old "resource exhaustion" attacks?
Anyone remember the "octopus"? (keeping multiple sendmail connections and
depriving the machine of either memory or proc#:s, whichever came first.)
I don't think it's fair to say it's "a [relatively] new kind of denial-of-service attack".
/olle
--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
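The point both messages in this thread turn on is that a fork-per-connection server running as root is not bounded by the per-user process limits the quoted text mentions, so the server has to bound itself. The following is an added example written for this thread, not code from the original post, from the RISKS Digest piece, or from any of the servers discussed: a forking accept loop that enforces a cap on concurrent children and arms an idle timeout in each child, so that a flood of connections (the process-table attack) or a handful of connections held open forever (the "octopus") cannot fill the process table. The names MAX_CHILDREN, IDLE_TIMEOUT_SECS, spawn_worker, serve and hold_open, and the numeric limits, are constructed for the example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed limits for this example; tune per service and host. */
#define MAX_CHILDREN 64          /* cap on concurrent forked workers */
#define IDLE_TIMEOUT_SECS 30     /* a worker that receives nothing for this long exits */

/* Live children this process has forked and not yet reaped. Maintained
 * synchronously in the accept loop, not from a signal handler. */
static int active_children = 0;

/* Reap every finished child without blocking; returns how many were reaped. */
int reap_children(void)
{
    int reaped = 0;
    while (waitpid(-1, NULL, WNOHANG) > 0) {
        reaped++;
        if (active_children > 0)
            active_children--;
    }
    return reaped;
}

/* 1 if another worker may be forked, 0 if the cap has been reached. */
int accept_allowed(int current, int cap)
{
    return current < cap;
}

static void on_idle_timeout(int sig)
{
    (void)sig;
    _exit(0);   /* async-signal-safe: gives the process-table slot back */
}

/* In the child: give up the slot if the peer holds the connection open without talking. */
void arm_idle_timeout(unsigned secs)
{
    signal(SIGALRM, on_idle_timeout);
    alarm(secs);
}

/* Fork a worker for conn_fd. Returns the child pid, or -1 with errno = EAGAIN
 * when the cap is reached (the caller must then close conn_fd itself). */
pid_t spawn_worker(void (*work)(int), int conn_fd, int cap)
{
    reap_children();                       /* free slots held by finished children */
    if (!accept_allowed(active_children, cap)) {
        errno = EAGAIN;
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        arm_idle_timeout(IDLE_TIMEOUT_SECS);
        work(conn_fd);
        _exit(0);
    }
    active_children++;
    return pid;
}

/* Accept loop for a listening socket: one child per connection, never more than cap. */
void serve(int listen_fd, void (*work)(int))
{
    for (;;) {
        int conn_fd = accept(listen_fd, NULL, NULL);
        if (conn_fd < 0) {
            if (errno == EINTR)
                continue;
            break;
        }
        pid_t pid = spawn_worker(work, conn_fd, MAX_CHILDREN);
        /* On success the child owns its copy of the socket; on failure (cap reached
         * or fork failed) this close is the refusal, and no slot was consumed. */
        close(conn_fd);
        (void)pid;
    }
}

/* Constructed stand-in for a peer that connects and then never sends anything. */
void hold_open(int conn_fd)
{
    (void)conn_fd;
    pause();   /* leaves via SIGALRM after IDLE_TIMEOUT_SECS, or when killed */
}
```

The cap is checked in the parent before every fork, and reaping happens on the same path, so a finished child frees its slot before the next accept is decided; refused connections cost one accept and one close but no process. The alarm in the child is what the per-user process limit cannot give a root server: an upper bound on how long any single connection can hold a slot.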