Re: iplogger is crashing my computer
>>>>> "NLM" == Noah L Meyerhans <frodo@morgul.net> writes:
NLM> DoS attacks. They're really quite easy to implement on a
NLM> machine running tcplogd. Run a portscanner on the machine and
NLM> you'll see the system load jump up to 70 or more. Run several
NLM> portscanners at once (and loop them so the system is constantly
NLM> being portscanned) and watch the load climb up to several
NLM> hundred or more. It's almost trivial to bring a system to its
NLM> knees like this. I discovered this on my own by portscanning
NLM> my server, and received an official acknowledgement of the
NLM> problem via the Debian security mailing list shortly
NLM> afterwards. I don't know where to point you for a reference to
NLM> this. I bet you could find something by looking at the archive
NLM> of the security list.
Is this related to the (mis)feature of iplogger where it forks a copy of
tcplogd for every incoming TCP connection? I have this setting disabled
so that iplogger uses the same tcplogd:
[from /etc/iplogger.conf]
# Uncomment this line if you want an instance of tcplogd run for each
# incoming TCP connection
# CAUTION! It is not recommended to use this feature since this can deny
# service.
#do-fork
Has the author of this program been notified of the problem as well?
--
Salman Ahmed
ssahmed AT pathcom DOT com