X-RDate: Mon, 30 Mar 1998 08:52:33 +0600 (ESD)
Date: Thu, 26 Mar 1998 23:41:43 +0200
From: Michael Widenius <monty@MONTY.PP.SCI.FI>
To: BUGTRAQ@NETSPACE.ORG
Subject: FW: mysql: Trivial mSQL/MySQL DoS method? (fwd)
Hi all,
Just FYI, here is what was posted to the MySQL list from the MySQL
author regarding the DoS attack.
Scott
-----FW: <199803262141.XAA10491@monty.pp.sci.fi>-----
Date: Thu, 26 Mar 1998 23:41:43 +0200
Sender: owner-mysql@analytikerna.se
From: Michael Widenius <monty@monty.pp.sci.fi>
To: "Joel B. Stalder" <joel@uptimecomputers.com>
Subject: mysql: Trivial mSQL/MySQL DoS method? (fwd)
Cc: mysql@tcx.se
This never was fatal (only VERY annoying) for MySQL 3.20 ! MySQL has
a timeout of 30 seconds for each read from the client. This means
that the 'hang' only lasts 30 seconds for MySQL.
MySQL 3.21.26 and below has the same problem.
>>From the changelog of 3.21.27 (I am compiling a distribution just now):
* Changed connect timeout to 3 seconds to make it somewhat harder
for crackers to kill mysqld trough telnet + TCP/IP.
Yours,
Monty
< original fwd by Joel B. Stalder removed >
