Re: Simple DoS

2007-01-10 Thread Chuck Swiger

On Jan 10, 2007, at 6:53 AM, Nejc Škoberne wrote:

yesterday one of our clients did something interesting (stupid): they
connected both ends of a UTP cable to the same switch, to which our
FreeBSD server was also connected.  [ ... ]
Any ideas how to prevent such situations in the future? (I would like
to do it on the server side, not on the "user side".)


This isn't a FreeBSD-specific issue, but a matter of controlling
access to the central networking hardware to only those qualified to
deal with it.  However, if you purchase higher-quality smart
switches, they implement the spanning tree protocol to detect and
break loops like the one you've described.


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Simple DoS

2007-01-10 Thread Howard Jones
Nejc Škoberne wrote:
> Any ideas how to prevent such situations in the future? (I would like
> to do it on the server side, not on the "user side".)
Get a switch that runs Spanning Tree Protocol. I don't think there's
much you can do on the server about a problem in the switch.


Re: Simple DoS

2007-01-10 Thread Derek Ragona
Your client caused their own DoS by making it impossible to route network
traffic.  Basically causing an ARP storm.  In simple terms, don't do that.


Not much you can do with dumb clients, except reward them with a bill for 
their actions.


-Derek


At 08:53 AM 1/10/2007, Nejc Škoberne wrote:

Hello,

yesterday one of our clients did something interesting (stupid): they
connected both ends of a UTP cable to the same switch, to which our
FreeBSD server was also connected. The server was immediately completely
unresponsive from yesterday evening until this morning, when our tech
guy went there to see what the problem was. Even when they rebooted
the FreeBSD machine, it wouldn't boot normally - disk I/O was very
busy and everything was happening unusably slow. After the disconnect
from that switch, everything went back to normal.

Any ideas how to prevent such situations in the future? (I would like
to do it on the server side, not on the "user side".)

Thanks,
Nejc







Re: Simple DoS

2007-01-10 Thread Ivan Voras
Nejc Škoberne wrote:
> Hello,
> 
> yesterday one of our clients did something interesting (stupid): they
> connected both ends of a UTP cable to the same switch, to which our
> FreeBSD server was also connected. The server was immediately completely
> unresponsive from yesterday evening until this morning, when our tech
> guy went there to see what the problem was. Even when they rebooted
> the FreeBSD machine, it wouldn't boot normally - disk I/O was very
> busy and everything was happening unusably slow. After the disconnect
> from that switch, everything went back to normal.
> 
> Any ideas how to prevent such situations in the future? (I would like
> to do it on the server side, not on the "user side".)

First you need to identify what really happened. The story as you tell
it has much unknown. What does the server do? Is it forwarding packets
so they got stuck in a loop?

High disk I/O suggests you have a firewall enabled with logging, so every
discarded (?) packet generated a log message. If you're using syslog you
can tell it not to sync after every message and thus lower the I/O load.
If you don't need to inspect the logs, disable the logging.

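The syslog change Ivan describes is the "-" prefix on a file action in syslog.conf(5), which tells FreeBSD syslogd not to fsync the file after every message. The script below is an added example written for this page, not code from the thread or from FreeBSD; it rewrites a syslog.conf so that every regular log file carries that prefix, while leaving comments, !program and +host/-host section headers, non-file actions (@host, |pipe, user lists, *), /dev/ nodes and already-marked files untouched. The sample configuration it is run against is constructed here and modelled on a stock /etc/syslog.conf of that era.

```shell
# Added example, not from the thread. Reads a syslog.conf on stdin (or from
# the file names given as arguments) and prints a copy in which each regular
# file action is prefixed with "-", the syslog.conf(5) marker that stops
# FreeBSD syslogd from fsync'ing the file after every message. Whitespace
# between selector and action is preserved so the result diffs cleanly.
nosync_syslog_conf() {
    awk '
        # comments, blank lines and !prog / +host / -host headers pass through
        /^[[:space:]]*(#|!|\+|-|$)/ { print; next }
        {
            # an action is a file when the last whitespace-separated field
            # starts with "/"; a field already starting with "-" will not match
            if (match($0, /[[:space:]]\/[^[:space:]]+[[:space:]]*$/)) {
                path = substr($0, RSTART + 1)
                # device nodes such as /dev/console gain nothing from the flag
                if (path !~ /^\/dev\//) {
                    $0 = substr($0, 1, RSTART) "-" path
                }
            }
            print
        }
    ' "$@"
}

# Constructed sample input (not a real host's file), tab-separated like the
# stock FreeBSD /etc/syslog.conf. security.* is already marked with "-".
sample_syslog_conf() {
    printf '# /etc/syslog.conf (constructed sample)\n'
    printf '*.err;kern.warning;auth.notice;mail.crit\t\t/dev/console\n'
    printf '*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages\n'
    printf 'security.*\t\t\t\t\t-/var/log/security\n'
    printf '*.emerg\t\t\t\t\t\t*\n'
    printf '!ppp\n'
    printf '*.*\t\t\t\t\t\t/var/log/ppp.log\n'
    printf '*.*\t\t\t\t\t\t@loghost\n'
}

# Usage: sample_syslog_conf | nosync_syslog_conf
# or, on a real host:  nosync_syslog_conf /etc/syslog.conf > /tmp/syslog.conf.new
```

After reviewing the output, install it and send syslogd a HUP so it rereads the file. The other half of Ivan's advice, disabling or throttling the firewall's own logging, is a firewall setting rather than a syslog one; for ipfw the sysctl net.inet.ip.fw.verbose_limit caps how many packets a rule logs, which bounds the message rate during a storm like the one in the original post.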


Simple DoS

2007-01-10 Thread Nejc Škoberne

Hello,

yesterday one of our clients did something interesting (stupid): they
connected both ends of a UTP cable to the same switch, to which our
FreeBSD server was also connected. The server was immediately completely
unresponsive from yesterday evening until this morning, when our tech
guy went there to see what the problem was. Even when they rebooted
the FreeBSD machine, it wouldn't boot normally - disk I/O was very
busy and everything was happening unusably slow. After the disconnect
from that switch, everything went back to normal.

Any ideas how to prevent such situations in the future? (I would like
to do it on the server side, not on the "user side".)

Thanks,
Nejc

