[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iplogger is crashing my computer

>>>>> "NLM" == Noah L Meyerhans <frodo@morgul.net> writes:
    NLM>  DoS attacks.  They're really quite easy to implement on a
    NLM> machine running tcplogd.  Run a portscanner on the machine and
    NLM> you'll see the system load jump up to 70 or more.  Run several
    NLM> portscanners at once (and loop them so the system is constantly
    NLM> being portscanned) and watch the load climb up to several
    NLM> hundred or more.  It's almost trivial to bring a system to its
    NLM> knees like this.  I discovered this on my own by portscanning
    NLM> my server, and received an official acknowledgement of the
    NLM> problem via the Debian security mailing list shortly
    NLM> afterwards.  I don't know where to point you for a reference to
    NLM> this.  I bet you could find something by looking at the archive
    NLM> of the security list.

Is this related to the (mis)feature of iplogger where it forks a copy of
tcplogd for every incoming TCP connection ? I have this setting disabled
so that iplogger uses the same tcplogd:

[from /etc/iplogger.conf]
# Uncomment this line if you want an instance of tcplogd run for each
# incoming TCP connection
# CAUTION! It is not recommended to use this feature since this can deny
# service.

Has the author of this program been notified of the problem as well ?

Salman Ahmed
ssahmed AT pathcom DOT com

Reply to: