Bug 49122 - looping protection a route to DOS
Summary: looping protection a route to DOS
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xinetd
Version: 7.1
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrød
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2001-07-14 03:06 UTC by ae
Modified: 2007-04-18 16:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-07-16 19:48:12 UTC
Embargoed:



Description ae 2001-07-14 03:06:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2smp i686; Nav)

Description of problem:
Defaults (10 connections per second) not adequate for tftpd (for me at least).
Real problem, however, is that services that trigger the looping protection are
shut down permanently --- thus a DOS. Suggest xinetd.conf say "cps = 10 5" so
that looping protection is temporary.

How reproducible:
Always

Steps to Reproduce:
1. edit /etc/xinetd.d/tftp to enable
2. boot many X terminals at once
3. suspect problem is general, so any coordinated activity will do. Telnet?

Actual Results:  tftpd stops serving, see /var/log/messages --
tftp service was deactivated because of looping

tftpd service outage is permanent.

Additional info:

Recommend making these service outages temporary
through use of cps with TWO parameters, such as "cps = 10 10"

Comment 1 Trond Eivind Glomsrød 2001-07-16 19:48:07 UTC
It's not specified at all right now...

I'm not sure whether we want to change this or not. Of course, it's always
possible for the admin to do it if it is wanted.

Comment 2 Trond Eivind Glomsrød 2001-08-24 02:33:36 UTC
Added in 2.3.0-7 and above (higher threshold, though)
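
A configuration check for the recommendation in this report, as an added example that is not part of the bug report or of xinetd: it parses xinetd.conf-style text and lists enabled services that have no two-value cps (rate, then seconds to wait before re-enabling) in either the service block or defaults. The sample configuration and the names parse_xinetd and audit_cps are constructed for illustration.

```python
import re
# Constructed sample in xinetd.conf syntax (not taken from the bug report).
SAMPLE = """\
defaults
{
    instances = 60
}
service tftp
{
    disable = no
}
service telnet
{
    cps = 10 10
}
"""

def parse_xinetd(text):
    # Returns {name: {attr: value}}; the defaults block is keyed "defaults".
    blocks, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "{":
            current = blocks.setdefault(pending, {})
        elif line == "}":
            current = None
        elif current is None:          # header: "defaults" or "service <name>"
            pending = line.split()[-1]
        else:                          # attribute: key = value (also += / -=)
            m = re.match(r"(\w+)\s*[+-]?=\s*(.*)", line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return blocks

def audit_cps(text):
    # Maps each enabled service lacking a "<rate> <wait>" cps to the reason.
    blocks = parse_xinetd(text)
    default_cps = blocks.get("defaults", {}).get("cps")
    findings = {}
    for name, attrs in blocks.items():
        if name == "defaults" or attrs.get("disable", "no").lower() == "yes":
            continue
        cps = attrs.get("cps", default_cps)   # service value overrides defaults
        if cps is None:
            findings[name] = "no cps in service or defaults"
        elif not re.fullmatch(r"[1-9]\d*\s+[1-9]\d*", cps):
            findings[name] = "cps lacks '<rate> <wait>' form: " + cps
    return findings
```

To audit a real host, pass the concatenated contents of /etc/xinetd.conf and the files under /etc/xinetd.d/ to audit_cps.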

