Old 17th May 2008
cajunman4life
Real Name: Aaron Graves

I just thought of something... do any of you do anything to prohibit things like forkbombs and other simple DoS attacks?

Do not try this command unless you fully know what it does:
Code:
:(){ :|:& };:
For users with bash as their shell (possibly other shells, too tired to try right now) this is a fork bomb. If your system is improperly set up, running this simple command will bring it crashing down to its knees. I remember trying this on my Gentoo box a few years ago and nearly crying when it crashed.

Point being, this sort of attack is easily thwarted by setting values in /etc/login.conf for each user class (as appropriate). All users on my box are in the default class (except admins, which have a class called sysadmin and belong to group sysadmin), so I set max processes for default class to 20 (can be adjusted based on how many users, if any, notice the change), and set max memory usage. The default on FreeBSD was unlimited... bad idea for most users.

Also, something else... something so simple that I never really would have thought of until I stumbled across this today: http://www.arbornet.org/~cdalten/grep.html

Code:
cat < /dev/zero > /dev/null &
If you run the above command a few times, your system will not be very happy. I don't think this will really "eat resources" like the fork bomb, but the CPU goes to 100% utilization in short order. To counter this effect, set the cputime variable. For my default user class it's 60s (or 1m will have the same effect). For sysadmins it's 1h (a bit more trustworthy group, also one that may have a legitimate reason to be using lots of cpu time), and root is unlimited.

So, how many of you are rushing off to check your /etc/login.conf now?
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
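An added example, not part of the original post: a small Python audit of login.conf-style text that reports which login classes still leave maxproc, cputime or memoryuse unset or unlimited, following tc= inheritance. The sample file, the `hardened` class name, and the 200 and 256M values are constructed for illustration; the `-cur`/`-max` suffixed forms of the limits are not handled.

```python
import re

# Constructed sample in login.conf(5) syntax. "default" mirrors the unlimited
# stock settings the post describes; "hardened" is a hypothetical class name
# carrying the post's limits (maxproc 20, cputime 60s) plus a made-up memoryuse.
SAMPLE = r"""
# constructed example, not a real system's file
default:\
    :cputime=unlimited:\
    :maxproc=unlimited:\
    :memoryuse=unlimited:
sysadmin:\
    :cputime=1h:\
    :maxproc=200:\
    :tc=default:
hardened:\
    :cputime=60s:\
    :maxproc=20:\
    :memoryuse=256M:
"""

LIMITS = ("maxproc", "cputime", "memoryuse")
NO_LIMIT = (None, "unlimited", "unlimit", "infinity", "inf")

def parse(text):
    """Return {class_name: {capability: value}} from login.conf text."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    # Join backslash-continued lines so each class is a single record.
    joined = re.sub(r"\\\n[ \t]*", "", "\n".join(lines))
    classes = {}
    for record in filter(None, (r.strip() for r in joined.splitlines())):
        fields = [f.strip() for f in record.split(":")]
        caps = {}
        for field in filter(None, fields[1:]):
            key, _, value = field.partition("=")
            caps.setdefault(key, value)  # first occurrence wins
        for name in fields[0].split("|"):  # a record may list aliases
            classes[name] = caps
    return classes

def resolve(classes, name, cap, seen=()):
    """Look up one capability for a class, following tc= inheritance."""
    caps = classes.get(name, {})
    if cap in caps:
        return caps[cap]
    parent = caps.get("tc")
    if parent and parent not in seen:  # guard against tc= loops
        return resolve(classes, parent, cap, seen + (name,))
    return None

def audit(text):
    """List (class, limit) pairs that are unset or explicitly unlimited."""
    classes = parse(text)
    return [(c, l) for c in classes for l in LIMITS
            if resolve(classes, c, l) in NO_LIMIT]
```

On FreeBSD, edits to /etc/login.conf take effect only after the database is rebuilt with `cap_mkdb /etc/login.conf`, and they apply to sessions started after that.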