On Sat, Feb 21, 2004 at 11:28:40PM +1100, Russell Coker wrote: > On Sat, 21 Feb 2004 19:39, Andrew Suffield <asuffield@debian.org> wrote: > > No, chargen cannot form part of a DoS attack. Nothing which is > > equivalent to or less effective than a UDP flood forms a meaningful > > part of a DoS attack. > > There have been some DoS attacks based on a url of the form: > http://localhost:19/whatever > > From memory they affected Netscape Navigator and IE, and some web proxy > software. > > Whether this is the fault of the application for not having some limit to > memory use is something that we can debate. Chargen-TCP has been used as > part of a DoS attack, and turning it off will alleviate some things. file:///dev/zero works too, or telling them to run :(){:&:};: in a shell. That's not a DoS attack, that's a user-is-a-moron attack. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature