Re: pkg/49860: DoS against snmpd on netbsd routers

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,6bone%6bone.informatik.uni-leipzig.de@localhost
Subject: Re: pkg/49860: DoS against snmpd on netbsd routers
From: 6bone%6bone.informatik.uni-leipzig.de@localhost
Date: Sat, 2 May 2015 21:05:00 +0000 (UTC)

The following reply was made to PR pkg/49860; it has been noted by GNATS.

From: 6bone%6bone.informatik.uni-leipzig.de@localhost
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
    pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/49860: DoS against snmpd on netbsd routers
Date: Sat, 2 May 2015 23:01:42 +0200 (CEST)

 On Tue, 28 Apr 2015, Christos Zoulas wrote:

 > Looks like that qsort is deadly... I wonder why it thinks it needs to
 > sort something all the time. The arp stuff looks suspect as expected.
 > (if it is related to ndp). I am not sure if I have time to optimize the
 > code, but using a hashmap instead of sorting seems to be a good thing
 > to do.
 >

 Yet another information. In normal operation 'ndp -an | wc -l' reports 
 nearly 1500 entries.

 During the attack ndp reports:

 ndp: ioctl(SIOCGNBRINFO_IN6): Invalid argument
 ndp: failed to get neighbor information
 ndp: ioctl(SIOCGNBRINFO_IN6): Invalid argument
 ndp: failed to get neighbor information
 ...

 Could that be a problem for the snmpd?

 Regards
 Uwe

Prev by Date: Re: pkg/49860: DoS against snmpd on netbsd routers
Next by Date: Re: pkg/49860: DoS against snmpd on netbsd routers
Previous by Thread: Re: pkg/49860: DoS against snmpd on netbsd routers
Next by Thread: Re: pkg/49860: DoS against snmpd on netbsd routers
Indexes:

Home | Main Index | Thread Index | Old Index