Multiple Platform remote CPU load issue in Samba 1.x and 2.x
Christopher R. Hertel
crh at nts.umn.edu
Wed Jun 14 15:30:47 GMT 2000
> My preferred action on getting an attack is
> a) warn the sysadmin via mail
> b) stall the TCP session
It's not just TCP. nmbd displays the same behavior when I fling large
numbers of zero'd packets at it. Under UDP, the goal is to fling the
packet to the floor with as little effort as possible.
You can send back the appropriate ICMP to signal that the connection is
closed or the port is unreachable or some such. I'm not sure which is
correct. You might also silently drop the packet on the floor and not
waste effort.
Chris -)-----
--
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz
More information about the samba-technical
mailing list