All of the below are representative examples of the latitude that
a sysadmin may be granted when setting up her system. There is a DoS
for each of them. Pick your own policy.
M
> >>>>> "Mark" == Mark Murray <[EMAIL PROTECTED]> writes:
>
> Mark> o A username may only be checked $number times per
> Mark> $timeperiod; after that, _all_ answers are silently
> Mark> converted to "no".
>
> Umm, massive DOS hole.
>
> Mark> o Daemon may only be invoked $number times per $timeperiod;
> Mark> refuses to fork after that.
>
> Another massive DOS hole.
>
> Mark> o Daemon will delay $timeperiod before returning answer.
>
> This is the correct way to deal with (perceived) attacks.
>
> Mark> ... etc. There are possibilities for DoS attacks, but the
> Mark> daemon talks only to a Unix Domain Socket, so finding the
> Mark> perp is easy.
>
> Not if the daemon has shut itself off due to load (#1 or #2 above) and you
> aren't currently logged in to the box.
>
> --lyndon
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
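A small simulation of the three policies discussed above, added here as an example and not part of the thread: it floods one username with wrong guesses and then lets the legitimate user try, showing that the two cut-off policies deny (or never answer) that user once the quota is spent, while the delay policy still answers correctly, only later. The class and function names, the credential store and the limits are assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque

WINDOW = 60.0   # $timeperiod in seconds (assumed value)
LIMIT = 5       # $number of checks allowed per window (assumed value)
DELAY = 2.0     # fixed delay before answering under the "delay" policy

# Constructed credential store for the simulation; not a real auth backend.
USERS = {"alice": "correct horse"}


class Checker:
    """Password-check oracle with one of the three throttling policies."""

    def __init__(self, policy, clock):
        self.policy = policy
        self.clock = clock                  # injected clock, so no real sleeping
        self.hits = defaultdict(deque)      # username -> timestamps of checks
        self.forks = deque()                # timestamps of daemon invocations

    def _recent(self, q, now):
        # Drop timestamps older than WINDOW and return how many remain.
        while q and now - q[0] > WINDOW:
            q.popleft()
        return len(q)

    def check(self, user, password):
        """Return (answer, latency); answer None means the daemon refused to serve."""
        now = self.clock()
        truth = USERS.get(user) == password
        if self.policy == "lockout_user":
            q = self.hits[user]
            if self._recent(q, now) >= LIMIT:
                return False, 0.0           # silently "no", even for the right password
            q.append(now)
            return truth, 0.0
        if self.policy == "lockout_daemon":
            if self._recent(self.forks, now) >= LIMIT:
                return None, 0.0            # refuses to fork: nobody gets an answer
            self.forks.append(now)
            return truth, 0.0
        if self.policy == "delay":
            return truth, DELAY             # always truthful, just slower
        raise ValueError(self.policy)


def simulate(policy):
    """Flood 'alice' with LIMIT + 5 wrong guesses, then try the real password."""
    t = [0.0]
    c = Checker(policy, lambda: t[0])
    for _ in range(LIMIT + 5):
        c.check("alice", "wrong guess")
        t[0] += 1.0                         # one guess per second, well inside WINDOW
    return c.check("alice", "correct horse")
```

Running `simulate` with each policy name shows the legitimate login failing under both cut-off policies and succeeding, with a delay, under the third.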