False requests

LSF clusters may be vulnerable to large-scale denial of service (DOS) attacks. If one of the LSF daemons becomes overloaded with false requests, it may not be able to respond to valid requests.

By default, LSF refuses to accept client requests from hosts not listed in lsf.cluster.cluster_name. If LSF daemons are started on the unlisted host, the daemons will continue to retry the connection. The LSF master host rejects these requests, but if there are many unlisted hosts doing the same thing, it may become overloaded and be unable to respond to valid requests.

Since LSF can handle large clusters (several thousand hosts in a cluster) and is designed to be resistant to this type of attack, a malicious attack needs to simulate a larger scale of false hosts in order to be successful, but LSF still remains potentially vulnerable to a very large-scale attack.

Related reference
Communications between daemons and commands
Transmission of Platform LSF commands for remote execution
Access to jobs belonging to other users
Accessing remote hosts
Authentication
Kerberos integration