svn commit: r192463 - head/sys/fs/nfsserver

John Baldwin jhb at freebsd.org
Fri May 22 17:46:38 UTC 2009


On Friday 22 May 2009 12:19:32 pm Rick Macklem wrote:
> 
> On Fri, 22 May 2009, John Baldwin wrote:
> 
> >
> > What about a malicious denial-of-service attack where a malicious client
> > initiates an endless stream of connection attempts to force a panic?  I 
think
> > that is where the concern lies.  I'm sure a malicious client could do it
> > intentionally in less than 136 years, perhaps on the order of seconds 
and/or
> > minutes? :)
> >
> I think blocking IP#s at some external firewall is going to be the only
> way to survive such an attack, but I suppose it's nice if the server
> doesn't reboot during the attack and just gets really really slow.

Yes, I think that is very reasonable and I wouldn't expect anything more than 
that.  Thanks.

-- 
John Baldwin


More information about the svn-src-all mailing list