Date: Mon, 8 Sep 2003 16:51:12 -0400
From: Lucas Holt <luke@...lishgames.com>
To: psz@...hs.usyd.edu.au (Paul Szabo)
Cc: 3APA3A@...URITY.NNOV.RU, bugtraq@...urityfocus.com
Subject: Re: 11 years of inetd default insecurity?


>
>
> Your cure is worse than the disease: rate limiting allows a DoS against the
> service, no limit allows a DoS against the whole machine.
>
> Cheers,
>
> Paul Szabo - psz@...hs.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics  University of Sydney   2006  Australia
>

Isn't that the point of system administration, to set reasonable values 
for such things?  A balance between a reasonable load and a full DOS 
attack on the service or machine must be achieved.

I don't see how this feature is bad as long as it's used properly.  
Besides, many people run multiple services on a host. If you set the 
value to unlimited, all services are DOS'd.  For instance, I have a 
system running apache, sendmail, and imapd.  imapd is spawned by inetd 
and therefore could be DOS'd with a limit.  By setting a limit though, 
my apache and sendmail servers stay up.  I think this is a no-brainer.


Lucas Holt
Luke@...lishGames.com
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and 
I'm not sure about the former."
- Albert Einstein (1879-1955)


