[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sendmail DOS

On Thu, 22 Feb 2001 12:59:06 Jean-Francois JOLY wrote:
| Hello Everybody,
|       I've ran Nessus against some servers and it reports me that
| sendmail
|       is vulnerable to a Syn Flood. I've grabbed utilities to test the
|       vulnerabilitie and haven't succeed to reproduce the problem.
|       I've found no information about this vulnerabilitie.
|       Do you know if this is a true problem or just a false report ?
|       In my configuration, Sendmail is run as a standalone daemon.
|       Should I include it in Xinetd to stop the Problem ?

Somehow I don't think its necessary (I could be wrong).
Look in /etc/<mail/>sendmail.cf for:

# load average at which we refuse connections
O RefuseLA=10
# maximum number of children we allow at one time
O MaxDaemonChildren=50
# maximum number of new connections per second
O ConnectionRateThrottle=3

Any of the above options should be able to prevent a DoS, from
their description, if they are implemented correctly.  At least,
they'll offer as much protection as inetd can.  I've used them
before when a mail script when crazy and caused too many

Anyway, Debian Potato ships with Exim, not sendmail.
|       Thanks.
| -- 
| Best regards,
|  Jean-Francois                          mailto:jfjoly@free.fr
| --  
| To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
| with a subject of "unsubscribe". Trouble? Contact
| listmaster@lists.debian.org
Kind regards,				  

Berend De Schouwer, +27-11-712-1435, UCS

Reply to: