Also, if you're rebooting a runaway computer, you're likely to take a few
minutes to reboot and fsck. A few gig of heavily used disk can suck up time
in fsck quite nicely. And if you're really worried (and the loss of 4
minutes is worth less to you than the risk of attack) then put a 4 minute
pause in your startup scripts in the case of 'unclean' reboots. Or do not
accept 'reboot' packets during the first 4 minutes of uptime (less boot
time would probably only be a minute or two at max on a small disk system).
> > - A single valid packet can be replayed until it is no longer valid.
> > so your poor host will be rebooting until the packet expires... So
> > if you validly reboot the machine, anyone listening can reboot the
> > machine for a few minutes...
> You couldn't reboot it until it was on the network.. How many
> times could I reboot your computer in that 256second window? Maby one
> additional time...
Exactly.
-- [======================================================================] [ Kevin Lentin Email: K.Lentin@cs.monash.edu.au ] [ finger kevinl@fangorn.cs.monash.edu.au for PGP public key block. ] [ KeyId: 06808EED FingerPrint: 6024308DE1F84314 811B511DBA6FD596 ] [======================================================================]