On Sat, 20 Feb 1999, Mark Boolootian wrote:

> The Process Table Attack is a [relatively] new kind of denial-of-service
> attack that can be waged against numerous network services on a variety of
> different UNIX systems. The attack is launched against network services
> which fork() or otherwise allocate a new process for each incoming TCP/IP
> connection. Although the standard UNIX operating system places limits on
> the number of processes that any one user may launch, there are no limits on
> the number of processes that the superuser can create other than the hard
> limits imposed by the operating system. Since incoming TCP/IP connections
> are usually handled by servers that run as root, it is possible to
> completely fill a target machine's process table with multiple
> instantiations of network servers. Properly executed, this attack prevents
> any other command from being executed on the target machine.

How is this DoS different from the old "resource exhaustion" attacks?

Anyone remember the "octopus"? (keeping multiple sendmail connections and
depriving the machine of either memory or proc#:s, whichever came first.)

I don't think it's fair to say it's "a [relatively] new kind of
denial-of-service attack"

/olle

--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
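As an added example (not from the advisory, Mark's post or olle's reply), here is the mitigation the quoted description implies: a fork-per-connection server that counts live children and sheds new connections once a cap is reached, so a flood cannot fill the process table. MAX_CHILDREN, the worker and the 200 ms hold are placeholder assumptions; the burst is constructed in-process rather than read from a socket.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MAX_CHILDREN 4   /* placeholder cap; size it below the real process limits */
static int live_children = 0;   /* forked but not yet reaped */

/* Collect exited children without blocking and update the live count. */
static void reap_children(void) { while (waitpid(-1, NULL, WNOHANG) > 0) live_children--; }

/* Admission gate run before every fork(): 1 = child spawned, 0 = request shed
 * because the cap is reached, -1 = fork() failed. */
int handle_request(void (*worker)(void)) {
    reap_children();
    if (live_children >= MAX_CHILDREN)
        return 0;                 /* refuse work rather than fill the table */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {               /* child: per-connection work, then exit */
        worker();
        _exit(0);
    }
    live_children++;              /* parent */
    return 1;
}

/* Stand-in for per-connection work: hold a process slot for 200 ms. */
static void slow_worker(void) { usleep(200000); }

/* Constructed load: `requests` connections arriving at once. Writes the number
 * admitted to *accepted, returns the number shed (fork failures count as shed). */
int simulate_burst(int requests, int *accepted) {
    int shed = 0;
    *accepted = 0;
    for (int i = 0; i < requests; i++) {
        if (handle_request(slow_worker) == 1)
            (*accepted)++;
        else
            shed++;
    }
    while (live_children > 0 && waitpid(-1, NULL, 0) > 0)
        live_children--;          /* drain so the count is exact on return */
    return shed;
}

int main(void) {
    int accepted, shed = simulate_burst(10, &accepted);
    printf("admitted %d, shed %d of 10\n", accepted, shed);
    return 0;
}
```

Pair this with dropping root and setting RLIMIT_NPROC, so the per-user process limit that the advisory notes does not bind the superuser applies to the server as well.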
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:01 PDT