Multiple Platform remote CPU load issue in Samba 1.x and 2.x
Christopher R. Hertel
crh at nts.umn.edu
Wed Jun 14 17:38:48 GMT 2000
> You want to reply host or perhaps network unreachable
> if you're fighting off an attack.
> In a previous life, I once had to return router redirects.
> Perhaps a bit too cruel unless you **know** the chap at the
> other end is named Beelzebub...
Sending back the unreachable is one option. It assumes, though, that
a) the other end will honor the message and shut up.
b) the source address in the initial packet is legit.
For a TCP connect, this is okay since you can close the whole connection
(after which the attacker opens a new one, but hey...). As I mentioned,
nmbd uses UDP so there is no connection to close. Since nmbd suffers from
this just as smbd does, you have a choice. You can either respond to
every bogus packet (assuming that the source address is legit) or you can
quietly dump them on the floor.
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz
More information about the samba-technical