From owner-FreeBSD-net-jp@jp.freebsd.org  Mon Aug 18 16:48:41 1997
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta5/8.7.3) id QAA14858
	Mon, 18 Aug 1997 16:48:41 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta5/8.7.3) with ESMTP id QAA14852
	for <FreeBSD-net-jp@jp.freebsd.org>; Mon, 18 Aug 1997 16:48:38 +0900 (JST)
Received: from localhost (matusita@localhost [127.0.0.1]) by skylark.ics.es.osaka-u.ac.jp (8.8.7+2.7Wbeta6/3.5Wpl5/ICS-2.2.1Wv7-SKYLARK) with ESMTP id QAA14994 for <FreeBSD-net-jp@jp.freebsd.org>; Mon, 18 Aug 1997 16:48:31 +0900 (JST)
To: FreeBSD-net-jp@jp.freebsd.org
In-Reply-To: Your message of "18 Aug 1997 15:06:36 +0900"
	<19970818060127.4071.qmail@reseau.toyonaka.osaka.jp>
References: <19970818060127.4071.qmail@reseau.toyonaka.osaka.jp>
X-Mailer: Mew version 1.88 on Emacs 19.28.1 / Mule 2.3
X-FaceAnim: (-O_O-)(O_O- )(_O-  )(O-   )(-   -)(   -O)(  -O_)( -O_O)(-O_O-)
X-Fingerprint: 0C AC 93 FC E3 9D 9E 5B  3D B8 AC 5C 4A 79 D8 A6
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19970818164828E.matusita@ics.es.osaka-u.ac.jp>
Date: Mon, 18 Aug 1997 16:48:28 +0900
From: Makoto MATSUSHITA (=?ISO-2022-JP?B?GyRCJF4kRCQ3JD8kXiQzJEgbKEI=?=) <matusita@ics.es.osaka-u.ac.jp>
X-Dispatcher: imput version 970815
Lines: 43
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: FreeBSD-net-jp 86
Subject: [FreeBSD-net-jp 86] Re: DoS attack and the solution: tcpserver or a modified inetd?
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org


$B85$N(B <URL:http://pobox.com/~djb/docs/inetd.html> $B$rE,Ev$K$7$+FI$^$:$K(B
$B=q$$$F$$$^$9!%$N$G!$M}2r$,@u$$$G$9!%(B

kenji> $B$7$g$&$,$J$$$N$G8=:_;d$O(Bdjb$B;a$N(Btcpserver$B$r;H$C$F(Bconcurrent
kenji> limit$B$r@_Dj$7$F$7$N$$$G$$$^$9$,!"F1MM$N5!G=$r;}$C$?(Binetd$B$OB8:_(B
kenji> $B$9$k$N$G$7$g$&$+!#<1<T$N3'MM$*65$($$$?$@$1$l$P9,$$$G$9!#(B

inetd(8) $B$r8+$k$H!$(B

     -R rate   Specifies the maximum number of times a service can be invoked
               in one minute; the default is 256.

$B$H$+!$(B

           {wait|nowait}[/max-child]

$B$H$+$r;H$C$F;R6!$N?t$N@)8B$r=q$1$k$o$1$G$9$,!$C1=c$K(B limit $B$5$(=q$1$?(B
$B$iNI$$$N$J$i$3$l$GNI$$$H$+$$$&OC$G$O$J$$!$$N$G$7$g$&$+!%Nc$($P!$(B

finger stream tcp nowait/2 nobody /usr/libexec/fingerd fingerd -s

$B$J$I$H=q$$$F$d$k$H!$$I$&$"$,$$$F$b(B fingerd $B$O(B 2 $B$D$7$+$"$,$i$J$$$O$:$G(B
$B$9$h$M!E!E$H$$$&$@$1$8$c$@$a$J$N$G!$8=:_!$(B2.2.2-RELEASE $B$N7W;;5!(B($B$=$l(B
$B0JA0$O<j85$K$J$$$N$G$o$+$i$J$$$G$9(B ^_^;) $B$G$3$&=q$$$F$*$$$F!$B>$N7W;;(B
$B5!$+$i$R$?$9$i(Binetd-chew $B$G$D$D$$$F$$$^$9$,!$$d$C$Q$j(B 2 $B$D$7$+$"$,$j$^(B
$B$;$s!%(B

$B$G!$$3$N@)8B$r30$7$F!$(Binetd-chew $B$r$P$+$P$+$"$2$F$D$D$$$F$"$2$k$H!$$$(B
$B$H$b4JC1$K(B no more process $B>uBV$K$G$-$k$3$H$O3NG'$7$^$7$?(B :-)

$B!VF1;~$K5/F0$9$k(B process $B$N?t$r@)8B$7$?$$!W$N$J$i$H$j$"$($:$3$l$GKI$2(B
$B$=$&$J$N$G$9$,!E!E$^$"!V$?$+$,(B process $B?t@)8B$7$+$G$-$J$$!W$H$$$&0U8+(B
$B$O$"$k$+$b$7$l$^$;$s$,!%(B

# $B$b$7!$$3$s$J$N$G$b$h$1$l$P!V$s$J$N$O(B 2.2.2-RELEASE $B$r$D$C$3$s$@$i$G(B
# $B$-$F$$$k$3$H!W$H$$$&$3$H$K$J$j$^$9!%(B

-- -
Makoto `MAR_kun' MATSUSHITA
tcpd $BE*(B access control $B$H!$$3$N<j$N(B process $B@)8B$rN>J}M;9g$7$F=q$1$A$c(B
$B$&$H$$$&$N$,(B ucspi-tcp $B$J$N$+$J$"!$$H$+;W$C$?$j$7$?$N$G$9$,!$$=$&$J$s(B
$B$G$7$g$&$+(B($BFI$s$G$+$i8@$($H$$$o$l$=$&$@$J(B ^_^;)
