Subject: Re: netkill - generic remote DoS attack
From: Brian Fundakowski Feldman (greenFREEBSD.ORG)
Date: Wed May 03 2000 - 19:39:03 CDT


On Wed, 3 May 2000, stanislav shalunov wrote:

> > You didn't test it against FreeBSD 4.0 or 5.0 did you?
>
> The document was written (and provided to FreeBSD team as well as
> others) in February, and I used 3.x. I know that 4.0 has changed
> behavior to partially fix netkill, but since I didn't want to gather
> updates from other vendors I didn't mention status update for FreeBSD.

The code to prevent the machine from just giving up and panicking in an
mbuf starvation situation has been around a long time now. The behavior
in 4.0 wasn't to "partially fix netkill"; it was to make the system
resilient to any mbuf-starvation attacks.

green 1999/12/11 21:52:51 PST

  Modified files:
    sys/conf param.c
    sys/kern uipc_mbuf.c uipc_socket.c uipc_syscalls.c
    sys/sys mbuf.h
  Log:
  This is Bosko Milekic's mbuf allocation waiting code. Basically, this
  means that running out of mbuf space isn't a panic anymore, and code
  which runs out of network memory will sleep to wait for it.

  Submitted by: Bosko Milekic <bmilekicdsuper.net>
  Reviewed by: green, wollman

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 greenFreeBSD.org                    `------------------------------'