[26786] in bugtraq
Re: [luca.ercoli@inwind.it: DoS against mysqld]
daemon@ATHENA.MIT.EDU (bda)
Fri Aug 23 13:05:26 2002
Date: Fri, 23 Aug 2002 12:14:18 -0400
From: bda <bda@mirrorshades.net>
To: Simone Piunno <pioppo@ferrara.linux.it>
Message-ID: <20020823161418.GA6129@mirrorshades.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020823161057.GB20205@pioppo.wired>
On Fri, Aug 23, 2002 at 06:10:57PM +0200, Simone Piunno wrote:
> luca.ercoli@inwind.it wrote:
>
> Sorry but this is not a DoS against mysqld,
> this is a DoS against yourself!
>
> Only connections coming from the offending IP address are blocked,
> and I can't see anything wrong in this.
If you're running a shell service of any sort, it's possible that a
local user could "DoS" the MySQL server, and interrupt service for
everyone else.
Of course, that user would then be removed, but it's still a hassle. :-)
However, I agree that blocking the address is the correct behavior. Does
MySQL have a configuration option with which to extempt specific hosts
from being ignored?
--
bda
...
she.never.really.belonged.to.me
http://mirrorshades.org
