Bugtraq mailing list archives
Re: 11 years of inetd default insecurity?
From: Lucas Holt <luke () foolishgames com>
Date: Mon, 8 Sep 2003 16:51:12 -0400
Your cure is worse than the disease: rate limiting allows a DoS against the service, no limit allows a DoS against the whole machine.

Cheers,

Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
Isn't that the point of system administration, to set reasonable values for such things? A balance between a reasonable load and a full DOS attack on the service or machine must be achieved.
I don't see how this feature is bad as long as it's used properly. Besides, many people run multiple services on a host. If you set the value to unlimited, all services are DOS'd. For instance, I have a system running apache, sendmail, and imapd. imapd is spawned by inetd and therefore could be DOS'd with a limit. By setting a limit though, my apache and sendmail servers stay up. I think this is a no-brainer.
Lucas Holt
Luke () FoolishGames com
________________________________________________________
FoolishGames.com (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- Albert Einstein (1879-1955)