Re: Trivial mSQL/MySQL DoS method?

[nigelr () NELGIN RSN HP COM (Nigel Reed)]

Confirmed with 2.0.1 under HPUX 10.20 and NetBSD 1.3

If I keep repeatedly opening telnet sessions, it will make msqladmin
hang, although once a telnet session times out, then it will carry on
as normal.

I dont have 2.0.3 but I expect it will be similar - thanks for the
heads up on this one.

I'll pass it on to the author (who doesn't appear to be doing much these
days so I doubt there will be a speedy fix)

Regards
Nigel

> It seems that if one wants to bring a website that relies heavily on mSQL or
> MySQL to it's knees, simply telnet to the port the server listens on (1112
> for mSQL or 3333 for MySQL) and then just sit there, forget about it.
>
> Nothing on the server will be able to query any of the databases. The
> admin shutdown or reload commands will hang, etc. As long as someone
> keeps the null connection open to the SQL server's port, the only way
> to resume database operations is to kill the parent process and restart
> the daemon.
>
> This seems to work regardless of what's in the acl files or tables.
>
> A site using mod_auth_msql or mod_auth_mysql would be especially
> inconvenienced.
>
> -mark
>
> ---
> Mark Jeftovic                   aka: mark jeff or vic, stunt pope.
> markjr () shmOOze net              http://www.shmOOze.net/~markjr
> Private World's BOFH            http://www.PrivateWorld.com
> irc: L-bOMb                     Keep `em Guessing


--
Nigel Reed            Please do NOT send me MIME email. I will only
                  read TEXT based email. MIME will be unread and deleted
Consultant  Work: 972 497 4877   Home Email: nigel () nelgin nu
Hewlett Packard HPSD, 3000 Waterview Parkway, Richardson, Tx, 75080

ANTI SPAM FILTER IN USE :: REMOVE SPAM-ME-NOT IF REPLYING TO NEWSGROUP MESSAGE