| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Apr 2021 11:43:15 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: Matt Corallo <netdev-list@...tcorallo.com>
Cc: Willy Tarreau <w@....eu>, Keyu Man <kman001@....edu>,
David Ahern <dsahern@...il.com>,
Florian Westphal <fw@...len.de>,
David Miller <davem@...emloft.net>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>,
Jakub Kicinski <kuba@...nel.org>,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Zhiyun Qian <zhiyunq@...ucr.edu>
Subject: Re: PROBLEM: DoS Attack on Fragment Cache
On Sun, Apr 18, 2021 at 4:31 PM Matt Corallo
<netdev-list@...tcorallo.com> wrote:
>
> Should the default, though, be so low? If someone is still using a old modem they can crank up the sysctl, it does seem
> like such things are pretty rare these days :). Its rather trivial to, without any kind of attack, hit 1Mbps of lost
> fragments in today's networks, at which point all fragments are dropped. After all, I submitted the patch to "scratch my
> own itch" :).
Again, even if you increase the values by 1000x, it is trivial for an
attacker to use all the memory you allowed.
And allowing a significant portion of memory to be eaten like that
might cause OOM on hosts where jobs are consuming all physical memory.
It is a sysctl, I changed things so that one could really reserve/use
16GB of memory if she/he is desperate about frags.
>
> Matt
>
> On 4/18/21 00:39, Willy Tarreau wrote:
> > I do agree that we shouldn't keep them that long nowadays, we can't go
> > too low without risking to break some slow transmission stacks (SLIP/PPP
> > over modems for example).
Powered by blists - more mailing lists