Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

FW: mysql: Trivial mSQL/MySQL DoS method? (fwd)

From: monty () MONTY PP SCI FI (Michael Widenius)
Date: Thu, 26 Mar 1998 23:41:43 +0200

Hi all,

        Just FYI, here is what was posted to the MySQL list from the MySQL
author regarding the DoS attack.

Scott


-----FW: <199803262141.XAA10491 () monty pp sci fi>-----

Date: Thu, 26 Mar 1998 23:41:43 +0200
Sender: owner-mysql () analytikerna se
From: Michael Widenius <monty () monty pp sci fi>
To: "Joel B. Stalder" <joel () uptimecomputers com>
Subject: mysql: Trivial mSQL/MySQL DoS method? (fwd)
Cc: mysql () tcx se


This never was fatal (only VERY annoying) for MySQL 3.20 !  MySQL has
a timeout of 30 seconds for each read from the client. This means
that the 'hang' only lasts 30 seconds for MySQL.
MySQL 3.21.26 and below has the same problem.


From the changelog of 3.21.27 (I am compiling a distribution just now):


* Changed connect timeout to 3 seconds to make it somewhat harder
  for crackers to kill mysqld trough telnet + TCP/IP.

Yours,
Monty

< original fwd by Joel B. Stalder removed >
Previous By Date Next
Previous By Thread Next

Current thread: