Re: pkg/49860: DoS against snmpd on netbsd routers

To: Christos Zoulas <christos%zoulas.com@localhost>
Subject: Re: pkg/49860: DoS against snmpd on netbsd routers
From: 6bone%6bone.informatik.uni-leipzig.de@localhost
Date: Sat, 2 May 2015 23:01:42 +0200 (CEST)

On Tue, 28 Apr 2015, Christos Zoulas wrote:

Looks like that qsort is deadly... I wonder why it thinks it needs to
sort something all the time. The arp stuff looks suspect as expected.
(if it is related to ndp). I am not sure if I have time to optimize the
code, but using a hashmap instead of sorting seems to be a good thing
to do.

Yet another information. In normal operation 'ndp -an | wc -l' reportsnearly 1500 entries.


During the attack ndp reports:

ndp: ioctl(SIOCGNBRINFO_IN6): Invalid argument
ndp: failed to get neighbor information
ndp: ioctl(SIOCGNBRINFO_IN6): Invalid argument
ndp: failed to get neighbor information
...

Could that be a problem for the snmpd?

Regards
Uwe

Follow-Ups:
- Re: pkg/49860: DoS against snmpd on netbsd routers
  - From: Christos Zoulas

References:
- Re: pkg/49860: DoS against snmpd on netbsd routers
  - From: Christos Zoulas

Prev by Date: need pics editing?
Next by Date: Re: pkg/49860: DoS against snmpd on netbsd routers
Previous by Thread: Re: pkg/49860: DoS against snmpd on netbsd routers
Next by Thread: Re: pkg/49860: DoS against snmpd on netbsd routers
Indexes:

Home | Main Index | Thread Index | Old Index