On Mon, 4 Feb 2013, Alexandr Kovalenko wrote: > On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk <fabian@wenks.ch> wrote: > > A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of > > Service" [1] on the Full-Disclosure mailing list. Is this a known issue to > > the FreeBSD community? > > > > [1] > > http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html > > > > There are also many ftp.*.freebsd.org mirrors listed in the above mention > > posting, so I also put freebsd-hubs@ into the recipient list. This will > > probably help, that ftp mirror operators are alerted and can take any action > > if needed. > > I can confirm this is an issue on stable/9 r245742. Though I hardly > can call it DoS as normally ftp account is running with well-defined > ulimits and proper ftpd usage pattern does not generate much CPU > usage, so you can keep limits pretty much low, thus not being affected > by so-called "DoS". > > Nevertheless any ideas on how to fix our glob(3)? Not the global fix, but workaround (kinda) for current situation, via dadv: Add to your /etc/login.conf ftp:\ :priority=20:\ :cputime=5: :tc=default: and rebuild yout login.conf database via cap_mkdb /etc/login.conf Than, apply newly create class to anonymous ftp user: pw usermod ftp -L ftp This should not affect regular ftp consumer, as they are hardly comsume host' resources, but will stop malicious anonymous users from eating your CPU resources. -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"