[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Kris Maglione" <bsdaemon at comcast dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] mono wall 1.11 susceptible to dhcp dos attack
 Date:  Thu, 15 Sep 2005 21:57:00 +0200 
Doesn't have BSD a TMPFS like Linux has?

If so, it should be possible to have the DHCP logs on the system in
memory without the need of a bigger mfsroot...


For example:
tmpfs                 128M  1.3M  126M   1% /tmp
tmpfs                  10M     0   10M   0% /var/lock
tmpfs                  10M   52k  9.9M   1% /var/run

J.


-----Oorspronkelijk bericht-----
Van: Kris Maglione [mailto:bsdaemon at comcast dot net] 
Verzonden: donderdag 15 september 2005 21:09
Aan: m0n0wall at lists dot m0n0 dot ch
Onderwerp: Re: [m0n0wall] mono wall 1.11 susceptible to dhcp dos attack

Jonathan De Graeve wrote:

>What is considered a large dhcp load?
>
>I'm expecting some of 512 users on that network and I'm not willing to
>setup a different DHCP box.
>
>My box has 1GB of ram. It would be nice if the RAMdisk size could be
set
>in configmode or something.
>  
>
The size of the ramdisk can not be set because it is file backed. Your
m0n0wall image has a file called mfsroot.gz, which is a filesystem
image. This is mounted as your ramdisk (mfs=memory file system).
Whatever it's size is the size of your ramdisk. The only way to increase
it is make a custom image. The default is meant to be minimalistic. If
you want persistence, you need a real r/w hard disk partition.

512 users is big enough. ISC DHCPD's lease files are text based and
store a lot of metadata, and don't immediately remove old leases.


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch