| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 08 Mar 2008 13:26:41 +0100 From: Jarek Poplawski <jarkao2@...il.com> To: Krzysztof Oledzki <olel@....pl> CC: Denys Fedoryshchenko <denys@...p.net.lb>, netdev@...r.kernel.org Subject: Re: DoS by cat /proc/net/ip_conntrack ? Krzysztof Oledzki wrote, On 03/06/2008 02:51 PM: > > On Thu, 6 Mar 2008, Denys Fedoryshchenko wrote: ... >> i tried to issue command cat /proc/net/ip_conntrack |grep 'something' >> >> Router went dead for about 2 minutes, even i disconnect ssh session. ... >> I dont think it is normal, and such command taking a lot of system resources >> and cause whole system to hang. >> >> Kernel 2.6.24.2 > > The answer is quite simple here: don't do this. Instead use "conntrack -L" > as netlink is much more effective and better designed. I think, Denys is concerned about some other, maybe too curious users if they can read this? Regards, Jarek P. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists