Re: DoS attack against TCP services

To: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
Subject: Re: DoS attack against TCP services
From: christos%zoulas.com@localhost (Christos Zoulas)
Date: Fri, 13 Mar 2015 08:03:17 -0400

On Mar 13,  1:00pm, hannken%eis.cs.tu-bs.de@localhost ("J. Hannken-Illjes") wrote:
-- Subject: Re: DoS attack against TCP services

| This would be simple, changing dev/ic/ciss.c like:
| 
|         sc->sc_sme->sme_name =3D device_xname(sc->sc_dev);
|         sc->sc_sme->sme_cookie =3D sc;
|         sc->sc_sme->sme_refresh =3D ciss_sensor_refresh;
| +	sc->sc_sme->sme_events_timeout =3D 60;
| 
| should do the job.  Unfortunately I have no hardware to test.

Yes, but is 60 enough? Leaving the calculation to each driver
is potentially dangerous. Could we make it self adjusting?

| > Nevertheless, I think that the big problem with ciss is now
| > fixed (i.e. it will not hang forever anymore)...
| 
| It may still wait longer than 30 seconds with the sme_mutex held
| leading to deadlock.
| 
| We should use a suitable xs timeout vs. events timeout to make it safe,
| either increase the event timeout or decrease the xs timeout.

It would be nice if it was safe by default, and it should spam the
kernel if it was late so that we know about it...

christos

Follow-Ups:
- Re: DoS attack against TCP services
  - From: J. Hannken-Illjes

References:
- Re: DoS attack against TCP services
  - From: J. Hannken-Illjes

Prev by Date: Re: DoS attack against TCP services
Next by Date: Re: DoS attack against TCP services
Previous by Thread: Re: DoS attack against TCP services
Next by Thread: Re: DoS attack against TCP services
Indexes:

Home | Main Index | Thread Index | Old Index