Multiple Platform remote CPU load issue in Samba 1.x and 2.x

Christopher R. Hertel crh at nts.umn.edu
Wed Jun 14 15:30:47 GMT 2000


> 	My preferred action on getting an attack is
> 		a) warn the sysadmin via mail
> 		b) stall the TCP session

It's not just TCP.  nmbd displays the same behavior when I fling large 
numbers of zero'd packets at it.  Under UDP, the goal is to fling the 
packet to the floor with as little effort as possible.

You can send back the appropriate ICMP to signal that the connection is 
closed or the port is unreachable or some such.  I'm not sure which is 
correct.  You might also silently drop the packet on the floor and not 
waste effort.

Chris -)-----

-- 
Christopher R. Hertel -)-----                   University of Minnesota
crh at nts.umn.edu              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your hands...you choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz



More information about the samba-technical mailing list