Multiple Platform remote CPU load issue in Samba 1.x and 2.x
David Collier-Brown
David.Collier-Brown at canada.sun.com
Wed Jun 14 16:36:44 GMT 2000
"Christopher R. Hertel" wrote:
>
> > My preferred action on getting an attack is
> > a) warn the sysadmin via mail
> > b) stall the TCP session
>
> It's not just TCP. nmbd displays the same behavior when I fling large
> numbers of zero'd packets at it. Under UDP, the goal is to fling the
> packet to the floor with as little effort as possible.
>
> You can send back the appropriate ICMP to signal that the connection is
> closed or the port is unreachable or some such.
You want to reply host or perhaps network unreachable
if you're fighting off an attack.
In a previous life, I once had to return router redirects.
Perhaps a bit too cruel unless you **know** the chap at the
other end is named Beelzebub...
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list