Multiple Platform remote CPU load issue in Samba 1.x and 2.x
James Sutherland
jas88 at cam.ac.uk
Wed Jun 14 14:47:48 GMT 2000
On Wed, 14 Jun 2000, Gerald Carter wrote:
> "J. Robert von Behren" wrote:
> >
> > The open question is what the appropriate fix should be.
> > My thought is to simply track the number of bogus requests
> > sent to the server, and kill the connection when too
> > many of them have been seen.
>
> Just off the top of my head, won't the next bogus request (after being
> dropped) just cause another forked smbd resulting in the same
> behavior?
I think so, which is why we need to do something different - direct
subsequent commands on the duff connection to /dev/null.
> But let's put this into perspective. Everyone should know that if
> they allow the standard NetBIOS ports through their firewall, they are
> asking for it. If someone on your internal network does this, you
> yank their network cable for a week minimum and bang on their head
> with a rubber bat. :-)
Yep - except not everyone is behind a decent firewall. Think about
university machines, for example. (Actually, here we are about to start
blocking the NetBIOS ports, but I suspect we are unusual in that respect.)
Worse, plenty of home users will be getting always-on access (DSL, cable
modems, etc) and having Samba running...
> Let's address the risk. I know the DoS is real, but is it realistic?
> Just asking. No flames please.
It's realistic enough we should deal with it as well as possible,
certainly. I don't think it's a major issue, but it should be dealt with.
James.
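
The trade-off discussed in this thread, as an added example that is not part of the original message and is not Samba code: a small model comparing "kill the connection after too many bogus requests" with "keep the connection and discard everything after that". The threshold, the function names, the stand-in validity check and the sample requests are all assumptions made for illustration.

```c
/* Added illustration, not Samba code: names, threshold and validity check are assumptions. */
#include <stdio.h>
#include <string.h>

#define BOGUS_LIMIT 3                       /* assumed threshold */
enum policy { POLICY_KILL, POLICY_SINK };
struct stats { unsigned forks, parsed, discarded; };

/* Constructed sample requests. */
static const unsigned char SAMPLE_BOGUS[] = { 0x00, 0x01, 0x02, 0x03 };
static const unsigned char SAMPLE_OK[]    = { 0xff, 'S', 'M', 'B', 0x72 };

/* Stand-in check: an SMB message begins with 0xFF 'S' 'M' 'B'. */
static int looks_valid(const unsigned char *buf, size_t len)
{
    return len >= 4 && memcmp(buf, "\xffSMB", 4) == 0;
}

/* One client sends the same request n times and reconnects whenever dropped. */
struct stats simulate(enum policy p, const unsigned char *req, size_t len, unsigned n)
{
    struct stats s = { 1, 0, 0 };           /* first connection costs one fork */
    unsigned bogus = 0;
    int sunk = 0;

    for (unsigned i = 0; i < n; i++) {
        if (sunk) { s.discarded++; continue; }   /* read and drop, no parsing */
        s.parsed++;
        if (looks_valid(req, len) || ++bogus < BOGUS_LIMIT)
            continue;
        if (p == POLICY_SINK) {
            sunk = 1;                       /* keep the socket, stop doing work */
        } else {
            bogus = 0;                      /* new child starts with a clean count */
            if (i + 1 < n) s.forks++;       /* reconnect forks another child */
        }
    }
    return s;
}

int main(void)
{
    struct stats k = simulate(POLICY_KILL, SAMPLE_BOGUS, sizeof SAMPLE_BOGUS, 9);
    struct stats d = simulate(POLICY_SINK, SAMPLE_BOGUS, sizeof SAMPLE_BOGUS, 9);
    printf("kill: forks=%u parsed=%u discarded=%u\n", k.forks, k.parsed, k.discarded);
    printf("sink: forks=%u parsed=%u discarded=%u\n", d.forks, d.parsed, d.discarded);
    return 0;
}
```

In this model the kill policy still parses every bogus request and pays for a new child after each drop, while the sink policy caps both the parsing work and the fork count for that connection.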