Bugtraq mailing list archives

Denial of service process table attacks

From: conover () INOW COM (John Conover)
Date: Tue, 23 Feb 1999 08:43:24 -0000


The DNS process table attacks are mentioned at:

    http://lwn.net/daily/ptable.html

I have been using tcpserver as a replacement for inetd for many
months. It is at:

    ftp://koobera.math.uic.edu/www/ucspi-tcp.html

and allows limiting the *_number_* of concurrent processes forked out
of the inet facilities, as opposed to the *_rate_* of forked
processes.

Also, optionally, allows logging by port, with access control via a
fast database, by IP, and user.

I'm currently using it on httpd, ftp, faxd, smtp, telnet, pop3, and
the qmail daemons. Seems viable.

FWIW, FYI ...

        John

--

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
conover () inow com, http://www2.inow.com/~conover/john.html

Current thread:

Re: Process table attack (from RISKS Digest), (continued)
- - - Re: Process table attack (from RISKS Digest) Olle Segerdahl,D (Feb 22)
    - Re: Process table attack (from RISKS Digest) Jan B. Koum (Feb 22)
    - ANNOUNCE: Net::RawIP 0.06 has been released Sergey V. Kolychev (Feb 22)
    - Summary: Copyright on Security advisories Aviram Jenik (Feb 22)
    - Re: Process table attack (from RISKS Digest) Dug Song (Feb 22)
    - NetBus client 1.x overflow Daniel Rosowski (Feb 22)
    - Re: Process table attack (from RISKS Digest) James Lockwood (Feb 22)
    - Re: Process table attack (from RISKS Digest) Dirk Moerenhout (Feb 22)
    - Re: Process table attack (from RISKS Digest) unknown () RIVERSTYX NET (Feb 22)
    - Re: Process table attack (from RISKS Digest) Andrew Hobgood (Feb 22)
    - Denial of service process table attacks John Conover (Feb 23)
    - Group kmem exploitable? Oliver Xymoron (Feb 23)
    - Re: Pro/wuFTPD DoS Alex Belits (Feb 21)
  - ISS install.iss security hole Fyodor (Feb 20)
    - Re: ISS install.iss security hole Joel Eriksson (Feb 22)
    - Preventing remote OS detection Patrick Gilbert (Feb 22)
    - Re: Preventing remote OS detection James Lockwood (Feb 22)
    - Re: Preventing remote OS detection route () RESENTMENT INFONEXUS COM (Feb 22)
    - Re: Preventing remote OS detection Salvatore Sanfilippo (Feb 23)
    - Re: ISS install.iss security hole Peter Benie (Feb 22)
    - Re: ISS install.iss security hole Michael Warfield (Feb 22)

(Thread continues...)