Possible DoS in mpd 5.6 pppoe server

Gleb Smirnoff glebius at FreeBSD.org
Mon Apr 22 09:45:03 UTC 2013


On Sat, Apr 20, 2013 at 02:26:10PM -0300, Marcelo Gondim wrote:
M> >> I'm doing tests with mpdas pppoeserver. Tried to simulate an attack of
M> >> 1000 connections using an incorrect login and after a certain time can
M> >> cause a kernel panic in the system. Below the panicgenerated:
M> >>
M> >> http://pastebin.com/nUXGVR3y
M> > You seem to use dummynet and the problem is not in mpd/pppoe code,
M> > it's it the dummynet code. Look at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/162558
M> > for workarounds.
M> Ok  :)  I will try this:
M> - net.isr.bindthreads=1 in /boot/loader.conf;
M> - net.isr.direct=1 and net.isr.direct_force=1 in /etc/sysctl.conf

Be advised, that these settings do not fix the problem with dummynet, they
just make the race less probable to happen.

Totus tuus, Glebius.

More information about the freebsd-stable mailing list