Bug 49122 - looping protection a route to DOS
looping protection a route to DOS
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: xinetd (Show other bugs)
7.1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-13 23:06 EDT by ae
Modified: 2007-04-18 12:34 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-07-16 15:48:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description ae 2001-07-13 23:06:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2smp i686; Nav)

Description of problem:
Defaults (10 connections per second) not adequate for tftpd (for me at
least). Real problem,
however is that services that trigger the looping protection are shut down
permanently ---
thus a DOS.  Suggest xinetd.conf  say "cps = 10 5" so that looping
protestion is temporary.

How reproducible:
Always

Steps to Reproduce:
1.  edit /etc/xinetd.d/tftp to enable
2.  boot many X terminals at once
3.  suspect problem is general, so any coordinated activity will do.
Telnet?
	

Actual Results:  tftpd stops serving, see /var/log/messages --
tftp service was deactivated because of looping

tftpd service outage is permanent.

Additional info:

recommend make these service outages temporary
through use of cps with TWO parameters, such as "cps = 10 10"
Comment 1 Trond Eivind Glomsrxd 2001-07-16 15:48:07 EDT
It's not specified at all right now...

I'm not sure whether we want to change this or not. Of course, it's always
possible for the admin to do it if it is wanted.
Comment 2 Trond Eivind Glomsrxd 2001-08-23 22:33:36 EDT
Added in 2.3.0-7 and above (higher threshold, though)

Note You need to log in before you can comment on or make changes to this bug.