Multiple Platform remote CPU load issue in Samba 1.x and 2.x
mdesai at Omneon.com
Wed Jun 14 18:31:59 GMT 2000
> From: James Sutherland [mailto:jas88 at cam.ac.uk]
> To handle a DoS like this, probably the best approach is to
> stop parsing
> after a certain number of tries, and just read and discard
> all the data we
> are fed? At this point, our load is no greater than the attacker's.
I like this approach. David suggested a similar approach,
> Question: What does NT do in this event??
I tried this on NT4.0 ws (from RH Linux 6.0, 2.2.5-15) and
it appears that NT behaves similarly. That is, it only
replies back once (first time) and after that it never
replies to subsequent NBT packets. The cpu load on NT
doesn't go up (just a small spike). On the linux, that
is what I see:
$ nc -v -v 10.35.20.75 139 < /dev/zero
ntws [10.35.20.75] 139 (netbios-ssn) open
send 40960, rcvd 5
Note that 'nc' exits immediately in this case (unlike the samba/linux case).
More information about the samba-technical