On Sat, Feb 20, 1999 at 01:42:53PM -0800, Mark Boolootian <boolooat_private> wrote:

> Date: Fri, 19 Feb 1999 16:08:06 -0500
> From: "Simson L. Garfinkel" <simsongat_private>
> Subject: Process-table attack
>
> Wide-ranging attack works against almost any UNIX system on the Internet
>
> ABSTRACT:
>
> The Process Table Attack is a [relatively] new kind of denial-of-service
> attack that can be waged against numerous network services on a variety of
> different UNIX systems. The attack is launched against network services
> which fork() or otherwise allocate a new process for each incoming TCP/IP
> connection. Although the standard UNIX operating system places limits on
> the number of processes that any one user may launch, there are no limits on
> the number of processes that the superuser can create other than the hard
> limits imposed by the operating system. Since incoming TCP/IP connections
> are usually handled by servers that run as root, it is possible to
> completely fill a target machine's process table with multiple
> instantiations of network servers. Properly executed, this attack prevents
> any other command from being executed on the target machine.

I have not tested this, but I don't think this is true for at least FreeBSD. You see, it has what is called login limits, and you can indeed put limits on the root login user. From /etc/login.conf:

#root:\
#	:cputime=infinity:\
#	:datasize=infinity:\
#	:stacksize=infinity:\
#	:memorylocked=infinity:\
#	:memoryuse=infinity:\
#	:filesize=infinity:\
#	:coredumpsize=infinity:\
#	:openfiles=infinity:\
#	:maxproc=infinity:\
#	:memoryuse-cur=32M:\
#	:maxproc-cur=64:\
#	:openfiles-cur=1024:\
#	:priority=0:\
#	:requirehome@:\
#	:umask=022:\
#	:tc=auth-root-defaults:

As far as I know (and I am sure 2829 people will correct me if I am not), changing infinity to a numeric value should produce the desired result.

AGAIN: I have not tested this yet for the root user - but I know that the login limits do work for normal users.

-- Yan
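Added example, not part of Yan's message and not FreeBSD's own tooling: the value a class ends up with depends on the whole tc= chain of login.conf (the root stanza above inherits from auth-root-defaults, which in turn inherits from default), and on whether a limit is written as maxproc, maxproc-cur or maxproc-max. The POSIX sh script below resolves the effective hard maxproc of a class from a login.conf-style file the way cgetent(3) does (first occurrence wins, tc= expanded in place), and runs it against a constructed fragment once with root at maxproc=infinity and once with a numeric value. The class names other than root and default, and every number, are made up for the example.

```shell
#!/bin/sh
# Added example: resolve the effective hard maxproc of a login class by
# following tc= chains in a login.conf-style file, then compare the weak
# stanza (maxproc=infinity) with a numerically bounded one.

# Print a constructed login.conf fragment (not a real /etc/login.conf).
# $1 is the value the root stanza gives to maxproc; everything else is
# identical in both variants.  auth-root-defaults/daemon and the numbers
# are invented for the example.
sample_conf() {
    cat <<EOF
# constructed sample, not a real /etc/login.conf
default:\\
    :cputime=infinity:\\
    :maxproc=256:\\
    :maxproc-cur=64:\\
    :openfiles=1024:

auth-root-defaults:\\
    :auth=passwd:\\
    :tc=default:

daemon:\\
    :tc=default:

root:\\
    :cputime=infinity:\\
    :maxproc=$1:\\
    :maxproc-cur=64:\\
    :tc=auth-root-defaults:
EOF
}

# Print the effective value of KEY for CLASS read from stdin, or "unset".
# As with cgetent(3), the first matching field wins and a tc= field is
# expanded in place, so an entry's own fields override inherited ones.
# "KEY" and "KEY-max" both count, because login.conf sets soft+hard with
# the bare name and the hard limit alone with the -max suffix.
resolve_cap() {  # usage: resolve_cap CLASS KEY < login.conf
    awk -v want="$1" -v key="$2" '
    function find(cls, key, depth,    nf, i, kv, eq, k, v) {
        if (depth > 16 || !(cls in rec)) return ""     # tc= loop guard / unknown class
        nf = split(rec[cls], kv, ":")
        for (i = 2; i <= nf; i++) {                     # field 1 is the class name
            gsub(/^[ \t]+|[ \t]+$/, "", kv[i])
            eq = index(kv[i], "=")
            if (eq == 0) continue                       # boolean caps, empty fields
            k = substr(kv[i], 1, eq - 1)
            if (k == key || k == (key "-max")) return substr(kv[i], eq + 1)
            if (k == "tc") {
                v = find(substr(kv[i], eq + 1), key, depth + 1)
                if (v != "") return v
            }
        }
        return ""
    }
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0; next }  # join continued lines
    {
        line = buf $0; buf = ""
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line ~ /^#/ || line !~ /:/) next            # comments and blank lines
        split(line, f, ":")
        na = split(f[1], alias, "|")                    # "name|alias" naming field
        for (j = 1; j <= na; j++) rec[alias[j]] = line
    }
    END { v = find(want, key, 0); print (v == "" ? "unset" : v) }'
}

# Succeed when a count limit such as maxproc is a plain number, i.e. neither
# unset nor one of the keywords (infinity, unlimited, ...) that mean no limit.
bounded() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Weak: root keeps maxproc=infinity as in the stock stanza.
weak=$(sample_conf infinity | resolve_cap root maxproc)
# Corrected: a number in the root stanza itself (then rebuild the db with
# cap_mkdb /etc/login.conf on the real system; not run here).
fixed=$(sample_conf 512 | resolve_cap root maxproc)
# A class with no maxproc of its own picks up default's value via tc=.
inherited=$(sample_conf 512 | resolve_cap daemon maxproc)
printf 'root weak: %s\nroot fixed: %s\ndaemon via tc=default: %s\n' \
    "$weak" "$fixed" "$inherited"
```

On a real FreeBSD host the edit is to /etc/login.conf followed by `cap_mkdb /etc/login.conf`; `limits -C root` then prints what the class grants. The limits are applied when a process is set up through the login-class machinery (setusercontext(3), as used by login(1) and su(1)), so the check that matters is whether the network daemon's own process tree carries the limit, not only whether an interactive root shell does.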
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:12 PDT