oss-sec mailing list archives
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)
From: Solar Designer <solar () openwall com>
Date: Wed, 4 Jan 2012 00:49:43 +0400
Hi, One of the ideas I have is to make the per-source limit(s) dynamic - based on the remaining number of free slots (for a given category, if applicable - e.g., with per-netblock limits). The attached Perl script simulates a worst-case scenario for an algorithm implementing this. Specifically, with 1000 slots and allocations starting at 10 slots per source (and reducing all the way to 1 per source as we're about to run out of free slots), we're able to accept connections from at least 292 different source addresses. With 1000 slots, but starting at 50 slots per source, we're able to accept connections from at least 88 different source addresses. $ ./persource.pl | wc -l 292 $ for n in {10..1}; do ./persource.pl | fgrep -cx $n; done 10 12 12 14 17 20 24 34 49 100 Alexander
Attachment:
persource.pl
Description:
Current thread:
- speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Mike O'Connor (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Eitan Adler (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 02)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 02)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 02)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 03)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Mike O'Connor (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 03)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 03)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 11)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 01)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) David Hicks (Jan 05)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) The Fungi (Jan 05)
- Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 05)