In some mail from Karl Pielorz, sie said: > > Darren Reed wrote: > > > > It is evil connection. Good applications do read data from their sockets, > > > and evil ones do not. And ever if it is good, but silly or busy > > > application, good clients do not send so much data that application > > > can not process it. Am I wrong, there are any examples? > > > > So what if someone manages to crash a program due to a DOS attack ? > > An easy one that comes to mind is syslogd. It's often stuck in disk-wait > > and can easily be targetted with a large number of packets. > > Isn't syslog UDP? - i.e. no ACK? - you could argue (to a point) that this > might even be by design? :) (with regard to if syslog is in diskwait, and over > burdened with traffic, data gets dropped). This, could be construed as a DoS > (in fact it probably is)...
sorry, syslogd doesn't suffer from the same problems that klogd on lamix does (i.e its all datagrams). my mistake. To Unsubscribe: send mail to [email protected] with "unsubscribe freebsd-hackers" in the body of the message
