Bugtraq mailing list archives

Re: News DoS using sendsys


From: rra () STANFORD EDU (Russ Allbery)
Date: Thu, 27 Aug 1998 15:11:54 -0700


Marco Davids <mdavids () casema net> writes:

> Russ suggested:
>
>         sendsys:*:*:drop
>
> I wonder, what's wrong with sendsys:*.*:log=sendsys ?
>
> (and logging all, like version, the others as well)

Because in order for INN to log something, it tries to lock the logfile,
and to lock the logfile it has to spawn a separate shlock process and then
clean up the lock afterwards, and INN's locking is known not to be that
robust (at least currently) under high loads.  Not to mention that it's
CPU- and process-intensive.

Since the original poster was worrying about a DoS attack on his news
server, the above has a lot less impact than trying to log the posts.  If
one really wants a log of incoming sendsys messages, under INN you can
just create control.sendsys and they'll show up there as regular news
articles (and you can set whatever expire you want, etc.).

--
Russ Allbery (rra () stanford edu)         <URL:http://www.eyrie.org/~eagle/>
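
Added example (not part of the message above and not INN's own code): a Python check that reads control.ctl text and reports the effective action for sendsys, version and senduuname, so entries that still log rather than drop stand out. It assumes the last matching line wins, as in INN's control.ctl, and approximates From-pattern matching with fnmatch; the sample file and the sender address are constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample control.ctl (not taken from the original post).
SAMPLE = """\
## defaults
all:*:*:mail
sendsys:*:*:log=sendsys
version:*:*:log=version
senduuname:*:*:log=senduuname
## override placed later in the file
sendsys:*:*:drop
"""

def parse(text):
    """Yield (message, from_pattern, newsgroups, action) for each rule line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)
        if len(fields) == 4:
            yield tuple(fields)

def effective_action(text, message, sender="anyone@example.invalid"):
    """Return the action of the last rule matching this message type and sender."""
    action = None
    for msg, frm, _groups, act in parse(text):
        # Assumption: fnmatch approximates INN's pattern matching on the From field.
        if msg in (message, "all") and fnmatchcase(sender.lower(), frm.lower()):
            action = act  # later matches override earlier ones
    return action

def audit(text, messages=("sendsys", "version", "senduuname")):
    """Map each message type to (effective action, True if it is dropped)."""
    report = {}
    for m in messages:
        act = effective_action(text, m)
        report[m] = (act, act == "drop")
    return report

if __name__ == "__main__":
    for msg, (act, dropped) in audit(SAMPLE).items():
        note = "ok" if dropped else "REVIEW: not dropped"
        print(f"{msg:11s} -> {act!s:15s} {note}")
```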


