Multiple Platform remote CPU load issue in Samba 1.x and 2.x

Christopher R. Hertel crh at
Wed Jun 14 17:38:48 GMT 2000

> 	You want to reply host or perhaps network unreachable 
> 	if you're fighting off an attack.
> 	In a previous life, I once had to return router redirects.
> 	Perhaps a bit too cruel unless you **know** the chap at the
> 	other end is named Beelzebub...

Sending back the unreachable is one option.  It assumes, though, that
a) the other end will honor the message and shut up.
b) the source address in the initial packet is legit.

For a TCP connect, this is okay since you can close the whole connection
(after which the attacker opens a new one, but hey...).  As I mentioned,
nmbd uses UDP so there is no connection to close.  Since nmbd suffers from
this just as smbd does, you have a choice.  You can either respond to
every bogus packet (assuming that the source address is legit) or you can
quietly dump them on the floor. 

Chris -)-----

Christopher R. Hertel -)-----                   University of Minnesota
crh at              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz

More information about the samba-technical mailing list