[plug] UNIX - RISKS

Leon Brooks leon at brooks.smileys.net
Mon Feb 22 15:30:03 WST 1999


HILL Walter wrote:
> I had to weigh up the inconvenience of the size plus the possibility of
> telling people to suck eggs vs possible risks of attaching your LINUX
> host to a public data network.

> The Process Table Attack is a [relatively] new kind of denial-of-service
> attack that can be waged against numerous network services on a variety
> of different UNIX systems. The attack is launched against network
> services which fork() or otherwise allocate a new process for each
> incoming TCP/IP connection.  Although the standard UNIX operating system
> places limits on the number of processes that any one user may launch,
> there are no limits on the number of processes that the superuser can
> create other than the hard limits imposed by the operating system. Since
> incoming TCP/IP connections are usually handled by servers that run as
> root, it is possible to completely fill a target machine's process table
> with multiple instantiations of network servers. Properly executed, this
> attack prevents any other command from being executed on the target
> machine.

Yes, it's a standard way to kill NT. Over a 'phone or 64Kb/s ISDN line,
it might slow down a Pentium-class Linux box but it's hardly likely to
murder it.

-- 
No, an Emacs reference mug would not just hold 10 gallons, not even
just brew the coffee for you, it would grind it, roast it and grow it
(not necessarily in that order). It would also sing the national
anthem (which one? All of them - but it would check where it was
first), play bagpipes and do the dishes.
		-- Chris Rovers