Bugtraq mailing list archives
Re: News DoS using sendsys
From: rra () STANFORD EDU (Russ Allbery)
Date: Thu, 27 Aug 1998 15:11:54 -0700
Marco Davids <mdavids () casema net> writes:
Russ suggested:
sendsys:*:*:drop
I wonder, whats wrong with sendsys:*.*:log=sendsys ?
(and logging all, like version, the others as well)
Because in order for INN to log something, it tries to lock the logfile, and to lock the logfile it has to spawn a separate shlock process and then clean up the lock afterwards, and INN's locking is known not to be that robust (at least currently) under high loads. Not to mention that it's CPU- and process-intensive. Since the original poster was worrying about a DoS attack on his news server, the above has a lot less impact than trying to log the posts. If one really wants a log of incoming sendsys messages, under INN you can just create control.sendsys and they'll show up there as regular news articles (and you can set whatever expire you want, etc.). -- Russ Allbery (rra () stanford edu) <URL:http://www.eyrie.org/~eagle/>
Current thread:
- Re: News DoS using sendsys Forrest J. Cavalier III (Aug 26)
- <Possible follow-ups>
- Re: News DoS using sendsys Scott Gifford (Aug 26)
- Re: News DoS using sendsys Russ Allbery (Aug 26)
- Re: News DoS using sendsys Andrew V. Kovalev (Aug 27)
- Re: News DoS using sendsys Charlesw (Aug 27)
- Re: News DoS using sendsys David Shaw (Aug 27)
- SV: SV: Serious Security Hole in Hotmail (URL to sourcecode) Jonathan James (Aug 27)
- Re: News DoS using sendsys Julian Cowley (Aug 27)
- Re: News DoS using sendsys Russ Allbery (Aug 27)
- Seyon Security Vulnerability SGI Security Coordinator (Aug 27)
- Re: Seyon Security Vulnerability Alan Cox (Aug 27)
- SECURITY: new nfs-server packages available (fwd) Alan Cox (Aug 27)
- Re: SECURITY: new nfs-server packages available (fwd) Paul Boehm (Aug 27)
- Cisco response re PIX fragmentation issue Cisco Product Security Incident Response Team (Aug 27)
- NFS fix - TurboLinux 2.0 Scott Stone (Aug 27)
- StackGuard-protected Linux and a New StackGuard Compiler Crispin Cowan (Aug 27)
- Re: News DoS using sendsys Andrew V. Kovalev (Aug 27)
- Re: News DoS using sendsys Don Lewis (Aug 27)