cvs commit: src/etc syslog.conf

Mike Silbersack silby at silby.com
Tue Feb 22 08:20:57 GMT 2005


On Tue, 22 Feb 2005, Gleb Smirnoff wrote:

>  Security:       this change fixes a DoS condition, when default system
>                  console is serial, and box is flooded with bogus ARP
>                  packets

Go rate-limit those messages, like we do with other kernel messages.  grep 
for "ppsratecheck" in /usr/src/sys/kern to see the other users of that 
function.

If losing information about the flood is an issue, you could use 
ppsratecheck to ensure that a generic "arp flood" message goes to the 
console, but the actual messages are sent with a lower priority.

Mike "Silby" Silbersack
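
Added example, not part of the original message and not FreeBSD source: a userland C model of the scheme suggested above, where every bogus-ARP detail line goes to a lower-priority log and a generic "arp flood" notice reaches the console at most once per second. `model_ppsratecheck`, `log_bogus_arp`, the counters standing in for the two log sinks, and the one-per-second limit are assumptions for illustration; the flood is constructed input.

```c
#include <stdio.h>

/* Userland model of ppsratecheck()-style limiting: allow at most maxpps
 * events per one-second window. The clock is passed in as now_sec so the
 * run is deterministic; the kernel function reads its own clock. */
struct rate_state { long window_start; int curpps; int started; };

static int model_ppsratecheck(struct rate_state *rs, int maxpps, long now_sec)
{
    if (!rs->started || now_sec - rs->window_start >= 1) {
        rs->started = 1;              /* first call or new window: reset */
        rs->window_start = now_sec;
        rs->curpps = 1;
        return maxpps != 0;
    }
    rs->curpps++;
    return maxpps < 0 || rs->curpps <= maxpps;  /* negative = unlimited */
}

/* Hypothetical sinks: counters stand in for console and low-priority log. */
struct sinks { int console_lines; int low_prio_lines; };

#define CONSOLE_MAXPPS 1  /* assumed limit: one console notice per second */

/* Called once per bogus ARP packet. The per-packet detail always goes to
 * the low-priority sink; the console only gets the rate-limited notice.
 * Returns 1 when a console line was emitted. */
static int log_bogus_arp(struct rate_state *rs, struct sinks *out, long now_sec)
{
    out->low_prio_lines++;                       /* detail is never lost */
    if (!model_ppsratecheck(rs, CONSOLE_MAXPPS, now_sec))
        return 0;
    out->console_lines++;                        /* generic "arp flood" */
    return 1;
}

/* Constructed flood: pkts_per_sec bogus packets in each of `seconds`. */
static struct sinks simulate_flood(int seconds, int pkts_per_sec)
{
    struct rate_state rs = {0, 0, 0};
    struct sinks out = {0, 0};
    for (long s = 0; s < seconds; s++)
        for (int i = 0; i < pkts_per_sec; i++)
            log_bogus_arp(&rs, &out, 1000 + s);
    return out;
}

int main(void)
{
    struct sinks r = simulate_flood(5, 10000);
    printf("console=%d low_prio=%d\n", r.console_lines, r.low_prio_lines);
}
```

With a slow serial console, the console write count is what bounds the stall: it grows with elapsed seconds, not with the packet rate.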

