Bugtraq mailing list archives

Re: DOS against SuSE's identd

From: alan () MANAWATU GEN NZ (Alan Brown)
Date: Tue, 17 Aug 1999 14:24:13 +1200


On Sat, 14 Aug 1999, Hendrik Scholz wrote:

The inetd.conf starts the identd with the options -w -t120
-e.
This means that one identd process waits 120 seconds after
answering the first request to answer later request.


No, it means that the identd is persistent and will shut down after 120
seconds of idle time.

What ends up happening is that a master identd process spawns a child
for each request and you're running into a basic FD-based DoS attack.

AB

Current thread:

Possible Denial Of Service using DNS Carlos Veira (Aug 10)
- Re: Possible Denial Of Service using DNS marka () ISC ORG (Aug 10)
- Re: Possible Denial Of Service using DNS David Schwartz (Aug 10)
  - QMS 2060 printer security hole Frank Bures (Aug 18)
- DOS against SuSE's identd Hendrik Scholz (Aug 14)
  - Re: DOS against SuSE's identd Danton Nunes (Aug 16)
    - Re: DOS against SuSE's identd Volker Wiegand (Aug 17)
  - Re: DOS against SuSE's identd Alan Brown (Aug 16)
  - AOL Buffer Overflow??? Robert Graham (Aug 16)
  - Re: DOS against SuSE's identd Seth R Arnold (Aug 17)
- Mandrake 6.0 .Xauthority Elmer Joandi (Aug 15)
- IE5 ACL protected pages viewable from cache by unauthorized user J.Kent Robinson (Aug 15)
  - Re: IE5 ACL protected pages viewable from cache by unauthorized user David Schwartz (Aug 16)
- Possible Windows 9x Shared Printers Security Hole Luis Martin-Santos (Aug 15)
  - Re-release: Microsoft Security Bulletin (MS99-029) Aleph One (Aug 16)
  - Re: Possible Windows 9x Shared Printers Security Hole x-empt [ lvhc / lou ] (Aug 16)