Multiple Platform remote CPU load issue in Samba 1.x and 2.x

[Christopher R. Hertel]

> 	You want to reply host or perhaps network unreachable 
> 	if you're fighting off an attack.
> 
> 	In a previous life, I once had to return router redirects.
> 	Perhaps a bit too cruel unless you **know** the chap at the
> 	other end is named Beelzebub...

Sending back the unreachable is one option.  It assumes, though, that
a) the other end will honor the message and shut up.
b) the source address in the initial packet is legit.

For a TCP connect, this is okay since you can close the whole connection
(after which the attacker opens a new one, but hey...).  As I mentioned,
nmbd uses UDP so there is no connection to close.  Since nmbd suffers from
this just as smbd does, you have a choice.  You can either respond to
every bogus packet (assuming that the source address is legit) or you can
quietly dump them on the floor. 

Chris -)-----

-- 
Christopher R. Hertel -)-----                   University of Minnesota
crh at nts.umn.edu              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your hands...you choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz