On Aug 27, 9:32am, David Shaw wrote: } Subject: Re: News DoS using sendsys } On Wed, Aug 26, 1998 at 03:52:58PM -0700, Russ Allbery wrote: } > There are several possible solutions at different levels of complexity. } > } > First, please make sure that your control.ctl file or the equivalent has a } > line like: } > } > sendsys:*:*:drop } } While you're at it, it might be worth adding: } } senduuname:*:*:drop } version:*:*:drop } } I suspect that once everyone configures their server to stop responding to } sendsys, the bombers will switch to senduuname and version. I have } already seen a hundred "version" requests come in. Neither version nor } senduuname are relevant to the overwhelming majority of INN installations } out there. Yup, they've already switched. There's still a lot of overhead even if you configure "drop". Here's something that I found in news.admin.technical that is relevant for INN users: > From: raoulat_private (Nico Garcia) > Subject: Re: System bogs during sendsys bomb attacks > Approved: scottat_private-Bay.ORG > Sender: scottat_private-Bay.ORG (Scott Hazen Mueller) > Organization: The Internet Access Company > Message-ID: <6r8cum$dtf@news-central.tiac.net> > References: <6r6ir7$c6g$1at_private> > Date: Mon, 17 Aug 1998 05:38:28 GMT > Lines: 19 > > In article <6r6ir7$c6g$1at_private>, > Paul Tomblin <ptomblinat_private> wrote: > >I'm running stock INN 1.7.2, and every time I get a batch of HIPCRIME sendsys > >bombs, my load average breifly goes up through the roof. This is in spite of > >the fact that I have it set to drop sendsys in control.ctl. I seem to have a > >copy of /var/lib/newsbin/control/sendsys running for each message. Is there a > >tweak I can do somewhere to reduce the priority on these things. I thought > >they were run out of ctlrun, but that doesn't appear to be the case. > > "echo exit >/var/lib/newsbin/control/sendsys" > > That won't prevent the processes but it will shorten the hell out > of their execution time. > > -- > Nico Kadel-Garcia, ne' Garcia > raoulat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:55 PDT