Firewall Wizards mailing list archives
Re: ZDNet Article: "Major Unix flaw emerges"
From: David LeBlanc <dleblanc () mindspring com>
Date: Tue, 02 Mar 1999 11:54:13 -0500
At 07:16 PM 3/1/99 -0500, David C Niemi wrote:
I'm interested in collecting feedback to this article off-line, from those who have some knowledge about the vulnerability of UNIX-based firewalls and servers to denial of service by filling up the process table via null connections. I'm also curious whether this vulnerability applies to NT as well, and if not why not. The article is at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2217922,00.html
The answer is yes and no. In the general case, we're looking at a resource starvation attack, and NT isn't any more or less susceptable to that type of attack than any other OS. However, NT daemons (services) typically use threads rather than heavyweight processes, and the number of running threads is limited by available RAM, not the size of some table. It is also typical for an NT daemon to use a pool of threads to handle incoming requests (e.g., IIS), so an attack would most likely cause a DoS to a single service, and not nuke the entire machine. I do know of exceptions to this. I've also noticed NT tending to get annoyed when you have very large numbers of sockets open (10-20,000), but that isn't a very practical remote attack most of the time. David LeBlanc dleblanc () mindspring com
Current thread:
- RE: Hacked R. DuFresne (Mar 01)
- ZDNet Article: "Major Unix flaw emerges" David C Niemi (Mar 02)
- Re: ZDNet Article: "Major Unix flaw emerges" David LeBlanc (Mar 03)
- Re: ZDNet Article: "Major Unix flaw emerges" dbell (Mar 03)
- <Possible follow-ups>
- RE: Hacked dreamwvr (Mar 02)
- RE: Hacked Bluefish [@ home] (Mar 03)
- Re: Hacked Bennett Todd (Mar 04)
- ZDNet Article: "Major Unix flaw emerges" David C Niemi (Mar 02)