Bugtraq mailing list archives
Re: inetd DoS exploit
From: "Charles M. Hannum" <root () IHACK NET>
Date: Tue, 27 Feb 2001 12:18:14 -0800
On Mon, Feb 26, 2001 at 04:39:58PM -0500, Jose Nazario wrote:
> this can be stemmed in a number of ways:
>
> 1] using inetd, rate limit the connections. change a line like
>
>     telnet  stream  tcp  nowait    root  /usr/libexec/telnetd  telnetd
>
> to
>
>     telnet  stream  tcp  nowait.1  root  /usr/libexec/telnetd  telnetd
>
> this will maximize the number of connections per minute on that service:
> (from an inetd manpage on OpenBSD 2.8)
Actually, that was implemented in NetBSD. But regardless, it's not sufficient. All that does is adjust the threshold at which inetd decides the server is `looping' and disables it. Setting it to 1, for example, just makes the problem *much* worse. Setting it to, e.g., 1000000 will effectively disable the hack, and is a reasonable workaround if your machine can deal. The real answer is to implement proper rate-limiting instead. A bonus would be to implement it in a library (say, libwrap) that standalone and `wait' services can also use.
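To make the distinction in this reply concrete, here is an added simulation (written for this archive page; it is not inetd's source and not code from anyone in the thread). `LoopGuard` models the `nowait.N` behaviour described above: inetd counts connections to a service, and once the count reaches N within a minute it declares the server "looping" and stops accepting for a retry window. The 600-second retry window is an assumption modelled on BSD inetd's ten-minute RETRYTIME, and the threshold values 1, 40 and 1000000 are my own picks for the comparison. `TokenBucket` is the kind of proper rate limiter the reply asks for: it refuses only the surplus and keeps admitting as capacity refills. The connection trace is constructed, with timestamps in whole seconds so the arithmetic stays exact.

```python
"""Constructed simulation (added example; not inetd's code) contrasting
inetd's nowait.N "looping" threshold with a token-bucket rate limiter.
"""
from dataclasses import dataclass

RETRY_SECONDS = 600   # assumed: modelled on BSD inetd's 10-minute RETRYTIME
WINDOW_SECONDS = 60   # the per-minute interval inetd uses for the nowait.N count


@dataclass
class LoopGuard:
    """inetd-style threshold: N connections within a minute disables the service."""
    max_per_minute: int
    window_start: float = 0.0
    count: int = 0
    disabled_until: float = 0.0

    def admit(self, now: float) -> bool:
        if now < self.disabled_until:
            return False                      # service terminated; nothing is accepted
        if self.count == 0:
            self.window_start = now           # first connection opens the minute window
        elif self.count >= self.max_per_minute:
            if now - self.window_start > WINDOW_SECONDS:
                self.window_start = now       # old window expired: count afresh
                self.count = 0
            else:
                # threshold reached inside one minute: "server failing (looping)"
                self.disabled_until = now + RETRY_SECONDS
                self.count = 0
                return False
        self.count += 1
        return True


class TokenBucket:
    """Proper rate limiter: sustained `rate` connections/second plus a burst allowance."""

    def __init__(self, rate: float, burst: float) -> None:
        self.rate = rate
        self.burst = burst
        self.tokens = burst
        self.last = 0.0

    def admit(self, now: float) -> bool:
        # Refill in proportion to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0                # this connection is served
            return True
        return False                          # only the excess connection is refused


def constructed_trace():
    """Constructed workload: 200 attacker connections in two seconds, then one
    legitimate connection every 45 s for 15 minutes (t = 45 .. 900)."""
    trace = [(0, "attacker")] * 100 + [(1, "attacker")] * 100
    trace += [(45 * i, "legit") for i in range(1, 21)]
    return trace


def simulate(policy, trace):
    """Return how many connections of each kind the policy admitted."""
    admitted = {"attacker": 0, "legit": 0}
    for when, kind in trace:
        if policy.admit(when):
            admitted[kind] += 1
    return admitted


if __name__ == "__main__":
    for label, policy in [
        ("nowait.1", LoopGuard(1)),
        ("nowait.40", LoopGuard(40)),
        ("nowait.1000000", LoopGuard(1_000_000)),
        ("token bucket 1/s, burst 10", TokenBucket(1.0, 10.0)),
    ]:
        print(f"{label:28s} {simulate(policy, constructed_trace())}")
```

Running it shows the point of the reply: with `nowait.1` the second connection of the burst shuts the service off, and nearly every legitimate connection for the next ten minutes is lost; `nowait.40` still loses every legitimate connection until the retry window ends; a huge N admits the entire burst (inetd forks a server for each connection) and never disables anything; the token bucket serves the first ten attacker connections, refuses the rest of the burst, and still admits all twenty legitimate connections because a 45-second gap is ample time to refill.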
Current thread:
- inetd DoS exploit Serega[linux] (Feb 26)
- Re: inetd DoS exploit Jose Nazario (Feb 27)
- Re: inetd DoS exploit David Malone (Feb 27)
- Re: inetd DoS exploit Charles M. Hannum (Feb 27)
- Re: inetd DoS exploit Peter Werner (Feb 27)
- Re: inetd DoS exploit Peter van Dijk (Feb 27)
- ratelimiting/concurrency limits both inadequate to stop TCP/IP DoS bert hubert (Feb 28)
- Re: inetd DoS exploit Jose Nazario (Feb 27)