Bugtraq mailing list archives

Re: Process table attack (from RISKS Digest)


From: olle () vattenfall se (Olle Segerdahl,D)
Date: Mon, 22 Feb 1999 18:33:34 +0100


On Sat, 20 Feb 1999, Mark Boolootian wrote:

The Process Table Attack is a [relatively] new kind of denial-of-service
attack that can be waged against numerous network services on a variety of
different UNIX systems. The attack is launched against network services
which fork() or otherwise allocate a new process for each incoming TCP/IP
connection.  Although the standard UNIX operating system places limits on
the number of processes that any one user may launch, there are no limits on
the number of processes that the superuser can create other than the hard
limits imposed by the operating system. Since incoming TCP/IP connections
are usually handled by servers that run as root, it is possible to
completely fill a target machine's process table with multiple
instantiations of network servers. Properly executed, this attack prevents
any other command from being executed on the target machine.


How is this DoS different from the old "resource exhaustion" attacks?

Anyone remember the "octopus"? (keeping multiple sendmail-connections and
depriving the machine of either memory or proc#:s, whichever came first.)

I don't think it's fair to say it's "a [relatively] new kind of denial-of-service attack".

/olle

--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
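
The condition both messages describe, seen from the defending side, as an added example that is not part of either post: a fork-per-connection dispatcher that refuses new workers past a fixed cap and lets the kernel end idle ones. `MAX_CHILDREN`, `IDLE_TIMEOUT` and all function names are assumptions, and the idle clients are simulated locally without any sockets.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_CHILDREN 4   /* assumed cap, far below the process table size */
#define IDLE_TIMEOUT 30  /* assumed seconds before a silent worker is ended */
static int live_children = 0;

/* Collect exited workers without blocking so their slots are freed. */
static void reap_finished(void) {
    while (live_children > 0 && waitpid(-1, NULL, WNOHANG) > 0)
        live_children--;
}

/* Fork a worker for connfd only while under the cap. Returns the worker
 * pid, or -1 when refused or when fork() fails; the caller then closes
 * connfd instead of dedicating a process to it. */
pid_t spawn_worker(int connfd, void (*handler)(int)) {
    reap_finished();
    if (live_children >= MAX_CHILDREN)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        alarm(IDLE_TIMEOUT);  /* default SIGALRM action ends an idle worker */
        handler(connfd);
        _exit(0);
    }
    if (pid > 0)
        live_children++;
    return pid;
}

/* Constructed stand-in for a client that connects and then sends nothing. */
static void idle_client(int connfd) { (void)connfd; pause(); }

/* Simulate `attempts` idle connections arriving at once; returns how many
 * were given a process, then stops those workers and frees their slots. */
int simulate_idle_connections(int attempts) {
    pid_t pids[MAX_CHILDREN];
    int admitted = 0;
    for (int i = 0; i < attempts; i++) {
        pid_t pid = spawn_worker(-1, idle_client);
        if (pid > 0) pids[admitted++] = pid;
    }
    for (int i = 0; i < admitted; i++) {
        kill(pids[i], SIGKILL); waitpid(pids[i], NULL, 0); live_children--;
    }
    return admitted;
}
int main(void) { printf("admitted %d of 10\n", simulate_idle_connections(10)); return 0; }
```

With the cap in place, idle connections cost the host at most `MAX_CHILDREN` process slots, whatever user the server runs as.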


