tech-security: Old problem?

Subject: Old problem?
To: None <tech-security@netbsd.org>
From: Tomasz Marciniak <whistler@hoth.amu.edu.pl>
List: tech-security
Date: 06/29/2002 13:27:01

How do I protect my system against that simple DoS:
http://felix.fizyka.amu.edu.pl/~tm/dos.c

It hangs NetBSD 1.6A, NetBSD 1.6BETA3 (both Pentium III with
256M RAM) in about 10 sec.

In /var/log/messages:

Jun 26 19:20:08 felix /netbsd: WARNING: mclpool limit reached; increase NMBCLUSTERS

The kernel was compiled with:

options         NMBCLUSTERS=4096

The login class definition of a user who runs the
evil code is:

someclass:\
        :cputime=16:\
        :datasize-cur=22M:\
        :stacksize-cur=8M:\
        :memorylocked-cur=10M:\
        :memoryuse-cur=10M:\
        :filesize=infinity:\
        :coredumpsize=infinity:\
        :maxproc-cur=32:\
        :openfiles-cur=32:\
        :sbsize=1048576:\
        :priority=0:\
        :umask=022:

The solution suggested in: 
http://www.securitybugware.org/BSD/131.html
does not help.

-- 
Tomasz Marciniak