[9777] in bugtraq
Denial of service process table attacks
daemon@ATHENA.MIT.EDU (John Conover)
Tue Feb 23 21:46:16 1999
Date: Tue, 23 Feb 1999 08:43:24 -0000
Reply-To: John Conover <conover@INOW.COM>
From: John Conover <conover@INOW.COM>
To: BUGTRAQ@NETSPACE.ORG
The DNS process table attacks are mentioned at:
http://lwn.net/daily/ptable.html
I have been using tcpserver as a replacement for inetd for many
months. It is at:
ftp://koobera.math.uic.edu/www/ucspi-tcp.html
and allows limiting the *_number_* of concurrent processes forked out
of the inet facilities, as opposed to the *_rate_* of forked
processes.
Also, optionally, allows logging by port, with access control via a
fast database, by IP, and user.
I'm currently using it on httpd, ftp, faxd, smtp, telnet, pop3, and
the qmail daemons. Seems viable.
FWIW, FYI ...
John
--
John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
conover@inow.com, http://www2.inow.com/~conover/john.html
