Multiple Platform remote CPU load issue in Samba 1.x and 2.x

Maulik Desai mdesai at
Wed Jun 14 18:31:59 GMT 2000

> From: James Sutherland [mailto:jas88 at]
> To handle a DoS like this, probably the best approach is to 
> stop parsing
> after a certain number of tries, and just read and discard 
> all the data we
> are fed? At this point, our load is no greater than the attacker's.

I like this approach. David suggested a similar approach, 
I think.

> Question: What does NT do in this event??

I tried this on NT4.0 ws (from RH Linux 6.0, 2.2.5-15) and 
it appears that NT behaves similarly. That is, it only 
replies back once (first  time) and after that it never 
replies to subsequent NBT packets. The  cpu load on NT 
doesn't go up (just a small spike). On the linux, that 
is what I see:

$ nc -v -v 139 < /dev/zero
  ntws [] 139 (netbios-ssn) open
   send 40960, rcvd 5

Note that 'nc' exits immediately in this case (unlike the samba/linux case).


More information about the samba-technical mailing list