[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Flooding hobbit

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] Flooding hobbit
From: Henrik Stoerner <henrik (at) hswn.dk>
Date: Mon, 21 Apr 2008 22:51:28 +0200
References: <1d23acab0804171237md0a952dnbc0262dd64650f2c (at) mail.gmail.com> <BAC1D28A5AB852439A6914CA7AB4E63F05B12BAE (at) permls05.wde.woodside.com.au>
User-agent: Mutt/1.5.15+20070412 (2007-04-11)

On Fri, Apr 18, 2008 at 09:03:56AM +0800, Everett, Vernon wrote:
> Hoping somebody has encountered this before.
> We have put BBWin on a few Windoze servers, but one of the, a DC, has a
> HUGE event log.
> So large, that hobbit is freaking out, and doing the "Data flooding from
> 1.2.3.4, closing connection" thing.
>  
> I know this is hobbit protecting iteself from a DOS attack, but is there
> a way around this?
> Can I somehow tell hobbit not to do this for that IP address?

No.

> Unfortunately, because of its function, we can't reduce the logging on
> the Windoze server, so we need to either
>     a) get hobbit to handle the problem (desirable solution)

Only way to do that would be to change the MAX_HOBBIT_INBUFSZ definition
in hobbitd/hobbitd.c. It is currently 10 MB:

  /*
   * The absolute maximum size we'll grow our buffers to accomodate an
   * incoming message.
   * This is really just an upper bound to squash the bad guys trying to
   * data-flood us.
   */
   
   #define MAX_HOBBIT_INBUFSZ (10*1024*1024)       /* 10 MB */


Regards,
Henrik

References:
- Best way to do interface graphs?
  - From: Stewart L
- Flooding hobbit
  - From: Everett, Vernon

Prev by Date: Re: [hobbit] Build errors with today's (4-21-08) snapshot
Next by Date: Re: [hobbit] Invalid DS name
Previous by thread: Flooding hobbit
Next by thread: Re: [hobbit] Flooding hobbit
Index(es):
- Date
- Thread