Re: Multiple vendors FTP denial of service (fwd)
From: Crist J. Clark (cjclark@reflexnet.net)
Date: 03/16/01
Date: Thu, 15 Mar 2001 22:37:36 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Kris Kennaway <kris@obsecurity.org>

On Thu, Mar 15, 2001 at 09:59:13PM -0800, Kris Kennaway wrote:
> On Thu, Mar 15, 2001 at 03:42:29PM -0800, Michael A. Dickerson wrote:
> > > 4.1 from Aug 10th is hurt by it.
> > >
> > > ---Mike
> > >
> >
> > So is 4.3-beta (otherwise known as 4-stable) from March 8. ftpd uses 100%
> > cpu and memory use grows until the kernel runs out of swap space and starts
> > killing processes. This was an ftp connection with a regular username and
> > password, in an average home directory.
>
> I'm pretty sure (but haven't tested) that resource limits will prevent
> this problem. Your ftpd shouldn't be using large amounts of memory
> under normal operating procedures, so you can set those to reasonable
> values and not suffer any ill effects.

And this really does not have a lot directly to do with ftpd. Try,

  $ ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/

at a command line and watch what the shell does. It's a general
globbing issue.

Anyway, as for ftpd, all a user can kill is the ftpd process they are
using, provided, as Kris points out, resource limits are set
appropriately. The user can do pretty much the same thing by logging
out.

--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
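
Added example, not part of the original message or of FreeBSD's code: the globbing behaviour and the resource-limit containment discussed in this thread, reproduced in a scratch directory and generalized to any number of `*` components. The function names, the d1..dN directory layout and the limit values are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Constructed demo: expand a "*/../*/../.../*/" pattern inside a subshell whose
# CPU time and address space are capped, so a blow-up stops only that subshell.
# With N subdirectories and DEPTH stars the shell must build N^DEPTH paths.

# make_pattern DEPTH -> prints a pattern with DEPTH stars, e.g. */../*/../*/
make_pattern() {
    p='*/' i=1
    while [ "$i" -lt "$1" ]; do p="*/../$p"; i=$((i + 1)); done
    printf '%s\n' "$p"
}

# make_tree DIR N -> creates N empty subdirectories d1..dN in DIR
make_tree() {
    i=1
    while [ "$i" -le "$2" ]; do mkdir "$1/d$i"; i=$((i + 1)); done
}

# bounded_glob DIR DEPTH CPU_SECONDS VMEM_KIB
# Prints the number of matches and returns 0 when expansion finishes inside
# the limits. Returns non-zero when the subshell was stopped by a limit, or 3
# when the pattern came back unexpanded (no match, or the glob code gave up).
bounded_glob() {
    (
        cd "$1" || exit 2
        ulimit -t "$3" || exit 2
        # Assumption: "ulimit -v" is not available in every shell/OS, so a
        # failure here is tolerated and the CPU limit remains the backstop.
        ulimit -v "$4" 2>/dev/null || :
        pattern=$(make_pattern "$2")
        set -- $pattern          # unquoted on purpose: triggers pathname expansion
        [ "$#" -eq 1 ] && [ "$1" = "$pattern" ] && exit 3
        echo "$#"
    ) 2>/dev/null
}

# Usage (scratch directory only):
#   t=$(mktemp -d); make_tree "$t" 3
#   bounded_glob "$t" 5 5 400000     # 3 dirs, 5 stars
```

Only the subshell is subject to the limits; the calling shell continues whatever happens to the expansion, which is the per-process containment the thread describes for ftpd.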