Bugtraq mailing list archives
Re: inetd DoS exploit
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Mon, 26 Feb 2001 16:39:58 -0500
On Sun, 25 Feb 2001, Serega[linux] wrote:
[ser@ihg prog]$ cc inetddos.c -o inetddos [ser@ihg prog]$ ./inetddos 127.0.0.1 21 DoS OK
(code snipped) *hrm* ok. this is old. see also the inetd process table attack. http://www.interesting-people.org/199902/0069.html this can be stemmed in a number of ways: 1] using inetd, rate limit the connections. change a line like telnet stream tcp nowait root /usr/libexec/telnetd telnetd to telnet stream tcp nowait.1 root /usr/libexec/telnetd telnetd this will maximize the number of connections per minute on that service: (from an inetd manpage on OpenBSD 2.8) The optional ``max'' suffix (separated from ``wait'' or ``nowait'' by a dot) specifies the maximum number of server instances that may be spawned from inetd within an interval of 60 seconds. When omitted, ``max'' defaults to 40. 2] inetd -R. (again from OpenBSD's 2.8 manpage for inetd) -R rate Specify the maximum number of times a service can be invoked in one minute; the default is 256. i believe the inetd in Linux, which is derived from BSD's inetd, has these features. at least the last time i looked at the code (eons ago) it did. 3] move to xinetd or other similar programs which have rate limiting. solar designer has a neat-o patch for xinetd that can do max-per-IP limits. very nice ... :) anyhow, old, mitigations are alreay in place, just learn to use them. ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- inetd DoS exploit Serega[linux] (Feb 26)
- Re: inetd DoS exploit Jose Nazario (Feb 27)
- Re: inetd DoS exploit David Malone (Feb 27)
- Re: inetd DoS exploit Charles M. Hannum (Feb 27)
- Re: inetd DoS exploit Peter Werner (Feb 27)
- Re: inetd DoS exploit Peter van Dijk (Feb 27)
- ratelimiting/concurrency limits both inadequate to stop TCP/IP DoS bert hubert (Feb 28)
- Re: inetd DoS exploit Jose Nazario (Feb 27)