leak in dccd blacklist

Vernon Schryver vjs@calcite.rhyolite.com
Sun Mar 5 14:42:10 UTC 2006


(I'm sending this to the DCC mailing list with a bcc: to the person who asked)

> >     Fix leak in dccd blacklist.
>
> Is there maybe a detailed advisory available? I am trying to figure out
> how severe this leak is and whether we should advise FreeBSD users with
> an VuXML advisory.

Before 1.3.30, loading the blacklist was delayed until about 30 seconds
after dccd started.  If a hyper-active clients whose IP address is in
the blacklist made a request during those first 30 seconds, not only
would the request be answered, but future requests would also be answered
until the blacklist changed and dccd noticed and loaded the new version.

Only the public DCC servers use the blacklist of bad DCC clients.  Only
the largest blacklisted clients of the public DCC servers such as utk.edu
were leaked.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.