Multiple Platform remote CPU load issue in Samba 1.x and 2.x

Gerald Carter gcarter at valinux.com
Wed Jun 14 13:53:39 GMT 2000


"J. Robert von Behren" wrote:
> 
> The open question is what the appropriate fix should be.  
> My thought is to simply track the number of bogus requests 
> sent to the server, and kill the connection when too 
> many of them have been seen.

Just off the top of my head, won't the next bogus request
(after being dropped) just cause another forked smbd
resulting in the same behavior?

But let's put this into perspective.  Everyone should know 
that if they allow the standard NetBIOS ports through 
their firewall, the are asking for it.  If someone on
your internal network does this, you yank their network 
cable for a week minimum and bang on their head with a 
rubber bat. :-)

Let's address the risk.  I know the DoS is real, 
but is it realistic.  Just asking.  No flames please.





jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )


More information about the samba-technical mailing list