Possible DoS in mpd 5.6 pppoe server
Gleb Smirnoff
glebius at FreeBSD.org
Mon Apr 22 09:45:03 UTC 2013
Marcelo,
On Sat, Apr 20, 2013 at 02:26:10PM -0300, Marcelo Gondim wrote:
M> >> I'm doing tests with mpdas pppoeserver. Tried to simulate an attack of
M> >> 1000 connections using an incorrect login and after a certain time can
M> >> cause a kernel panic in the system. Below the panicgenerated:
M> >>
M> >> http://pastebin.com/nUXGVR3y
M> > You seem to use dummynet and the problem is not in mpd/pppoe code,
M> > it's it the dummynet code. Look at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/162558
M> > for workarounds.
M> Ok :) I will try this:
M>
M> - net.isr.bindthreads=1 in /boot/loader.conf;
M> - net.isr.direct=1 and net.isr.direct_force=1 in /etc/sysctl.conf
Be advised, that these settings do not fix the problem with dummynet, they
just make the race less probable to happen.
--
Totus tuus, Glebius.
More information about the freebsd-stable
mailing list