mailing list archives
Re: CPSR #8: identd Denial of Service
From: jkatz () CPIO ORG (J. Joseph Max Katz)
Date: Mon, 4 Aug 1997 10:55:59 -0500
This occurs when ident is being called from inetd-- with ANY "-w" time
alotted. The OpenBSD default is -w60 or -w120, I tested it at -w40 and
On Tue, 5 Aug 1997, Alan Brown wrote:
:At 09:19 4/08/97 -0500, you wrote:
:>A massive amount of ident requests causes the identd daemon to "spin"
:>because the daemon does not correctly close the socket from the host
:>that issues a request. This is due to a poorly implemented incantation
:>of wait(). The improper code perpetuates the identd process and allows
:>the process to hang, slowing system performance considerably. On average,
:>2-3 spinning processes slow the system noticeably-- 10-15 make the system
:>unusable. Bear in mind that this is all based on the speed of the system
:>and the above numbers hold true for machines like a p5/100 with 32M of RAM.
:>Simply "kill -9 (ident's PIDs)" fixes the problem if it occurs.
:Does this still apply when identd is called from inetd.conf wait -w -t120
:or run in daemon mode?
- Re: CPSR #8: identd Denial of Service J. Joseph Max Katz (Aug 04)