Red Hat Bugzilla – Bug 49122
looping protection a route to DOS
Last modified: 2007-04-18 12:34:45 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2smp i686; Nav)
Description of problem:
Defaults (10 connections per second) not adequate for tftpd (for me at least). Real problem, however, is that services that trigger the looping protection are shut down, thus a DOS. Suggest xinetd.conf say "cps = 10 5" so that looping protection is temporary.
Steps to Reproduce:
1. edit /etc/xinetd.d/tftp to enable
2. boot many X terminals at once
3. suspect problem is general, so any coordinated activity will do.
Actual Results: tftpd stops serving, see /var/log/messages --
    tftp service was deactivated because of looping
tftpd service outage is permanent.
Recommend making these service outages temporary through use of cps with TWO parameters, such as "cps = 10 10".
It's not specified at all right now...
I'm not sure whether we want to change this or not. Of course, it's always possible for the admin to do it if it is wanted.
Added in 2.3.0-7 and above (higher threshold, though)
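
Added example, not part of the bug report or of xinetd: a small audit that reads xinetd-style configuration, resolves the cps value each service ends up with (its own, or the one inherited from defaults), and lists services whose cps has no second (wait) value, which is the form the report asks for. The sample configuration is constructed, and the script assumes the /etc/xinetd.d/ files have already been concatenated with xinetd.conf.

```python
import re

# Constructed sample: an xinetd.conf "defaults" block followed by two service
# files from /etc/xinetd.d/, concatenated into one string (assumption: the
# caller has already expanded includedir).
SAMPLE = """
defaults
{
    cps       = 10 5
}
service tftp
{
    server      = /usr/sbin/in.tftpd
    cps         = 10     # single value: no wait period given
}
service telnet
{
    server      = /usr/sbin/in.telnetd
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)
CPS = re.compile(r"^\s*cps\s*=\s*(.+?)\s*$", re.M)

def effective_cps(text):
    """Map each service to (rate, wait or None, where the value came from)."""
    text = re.sub(r"#.*", "", text)              # strip comments
    default, services = None, {}
    for m in BLOCK.finditer(text):
        hit = CPS.search(m.group(3))
        values = tuple(int(v) for v in hit.group(1).split()) if hit else None
        if m.group(1) == "defaults":
            default = values
        else:
            services[m.group(2)] = values
    result = {}
    for name, values in services.items():
        source = "service" if values else ("defaults" if default else "unset")
        values = values or default or ()         # service setting wins
        rate = values[0] if values else None
        wait = values[1] if len(values) > 1 else None
        result[name] = (rate, wait, source)
    return result

def missing_wait(text):
    """Services whose effective cps carries no second (wait) value."""
    return sorted(n for n, (_, wait, _) in effective_cps(text).items() if wait is None)
```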