Date: Mon, 8 Sep 2003 16:51:12 -0400
From: Lucas Holt <luke@...lishgames.com>
To: psz@...hs.usyd.edu.au (Paul Szabo)
Cc: 3APA3A@...URITY.NNOV.RU, bugtraq@...urityfocus.com
Subject: Re: 11 years of inetd default insecurity?

> Your cure is worse than the disease: rate limiting allows a DoS against the
> service, no limit allows a DoS against the whole machine.
>
> Cheers,
>
> Paul Szabo - psz@...hs.usyd.edu.au
> http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics University of Sydney 2006 Australia

Isn't that the point of system administration, to set reasonable values for such things? A balance between a reasonable load and a full DOS attack on the service or machine must be achieved. I don't see how this feature is bad as long as it's used properly.

Besides, many people run multiple services on a host.. if you set the value to unlimited all services are DOS'd. For instance, I have a system running apache, sendmail, and imapd. imapd is spawned by inetd and therefore could be DOS'd with a limit. By setting a limit though, my apache and sendmail servers stay up. I think this is a no-brainer.

Lucas Holt
Luke@...lishGames.com
________________________________________________________
FoolishGames.com (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein (1879-1955)