I was having a conversation with, you could say, one of my friends and it somehow turned into a bit of a "bet you can't hack me" challenge. Anyways, in the course of this he managed to freeze my OpenBSD 3.0 firewall/NAT box with some sort of attack. When I checked my system logs after a reboot, I found this message:
hostname /bsd: WARNING: mclpool limit reached; increase NMBCLUSTERS

Searched the Goog for the error message and I found an old thread describing almost exactly what happened to my box. It was still usable to ping addresses, but any type of activity with domain names would not work. No internet connectivity was available at all on internal boxes. Here's the original bugtraq thread:

http://online.securityfocus.com/archive/1/80844

My question is in two parts. First, what can I do to prevent this from happening again? That is the only result I found and it references no patches or other solutions. I guess updating to the latest BSD is a possibility, but if it wasn't fixed in 3.0, why would it be fixed in the current one, considering that the bug was discovered over 2 years ago?

Secondly, what can I do to prevent this from happening again: would some sort of IDS help in this regard, or is it merely one of those DoS attacks that you can't help but succumb to?

Finally, an unrelated question. I'm semi-experienced in setting up a secure Linux system, but there is a severe lack of documentation on secure OpenBSD systems out there. Can anyone recommend a source or even a book to help me get up to speed?

Thanks in advance for answering my questions, it is much appreciated.