I noticed with active ftp clients (specifically IMP's .forward modification
plugin), an sbsize of something under 32M in /etc/login.conf on the target
server now gives
Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space
available.
in the ftp logs. What is a safe value to prevent users from abusing the
system by eating up all mbufs ? There is a local DoS if sbsize was left as
unlimited.
(http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=20000603234039.X17973_fw.wintelcom.net%40ns.sol.net&rnum=2&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dsbsize%2Bfreebsd%2Bdos)
32MB seems like an oddly large number for just a small ftp session. This
changed sometime between Jan 21st and Feb 15th it would seem. Previously
an sbzise of :sbsize=512K:\ would work just fine. Not sure if its ftpd or
something in the kernel ?
Is there any way for an active ftp session to work as well as protecting my
system from a local DoS ?
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
