Firewall Wizards mailing list archives

Re: ZDNet Article: "Major Unix flaw emerges"


From: dbell <dbell () bway net>
Date: Tue, 2 Mar 1999 13:06:57 -0500 (EST)

On Mon, 1 Mar 1999, David C Niemi wrote:


> http://www.zdnet.com/zdnn/stories/news/0,4586,2217922,00.html
>
> Major Unix flaw emerges
>
> Built-in bug lets hackers shut down ISPs at will, but Unix vendors don't
> seem overly concerned.
>
> Note to the moderator: If you don't feel that this should be discussed on
> the list, please kill it. I copied the list because I thought it might be
> a legitimate topic of discussion.

This article contains a lot of FUD. This problem is NOT new. I could
similarly publish an article with a headline something like "Buffer
Overflows threaten unix and NT security!!!" People have known about both
sorts of flaw for at least 15 years. As the article indicates, it's not
easy to launch an attack like this without making oneself easily
detectable, and there are plenty of ways for a good unix admin to protect
his machines (replace the default inetd with something that can limit the
number of spawned processes, use stand-alone daemons that support this
kind of limitation, like apache, etc.).

As far as firewalls go, they should not be listening on very many ports,
and those that are open should have daemons listening on them which are
well-designed enough not to make problems like this. Of course, it's up to
the vendors to get this right, to some degree...

Finally, I don't know NT well enough to say whether or not it is
vulnerable to something similar, but logically, it could be. 
--
Daniel Bell
Heuer's Law: Any feature is a bug unless it can be turned off.
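The mitigation the post points at (an inetd replacement or stand-alone daemon that caps how many server processes it will spawn) comes down to an admission check run before each fork. The block below is an added illustration written for this archive page, not code from the thread or from any inetd implementation. It models three limits loosely in the spirit of xinetd's `instances`, `per_source` and `cps` attributes: a cap on concurrent children overall, a cap per client address, and a connections-per-second ceiling that triggers a cooling-off pause. The class and function names, the default limits and the client address `198.51.100.7` are all constructed for the example.

```python
"""Connection-admission limiter of the kind a resource-aware inetd needs.
Added example for the Firewall Wizards archive page; not code from the
original thread or from any real inetd/xinetd. Limit names follow xinetd's
instances / per_source / cps settings only loosely (assumption)."""
import time
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class LimiterConfig:
    max_instances: int = 50   # concurrent child processes, all clients
    per_source: int = 10      # concurrent children for one client address
    cps_limit: int = 25       # connection attempts tolerated per second
    cps_pause: float = 30.0   # seconds to refuse everything after cps_limit is hit


class ConnectionLimiter:
    """Decides, before fork(), whether one more server process may be spawned.

    `clock` is injectable so the behaviour can be tested deterministically;
    a real daemon would use time.monotonic (the default)."""

    def __init__(self, cfg: LimiterConfig, clock=time.monotonic):
        self.cfg = cfg
        self.clock = clock
        self.active = 0                      # children currently running
        self.by_source = defaultdict(int)    # children per client address
        self.window_start = clock()          # start of the current 1-second window
        self.window_count = 0                # attempts seen in that window
        self.paused_until = 0.0              # refuse all attempts until this time

    def admit(self, src_ip: str):
        """Return (accepted, reason). The caller forks only when accepted is True."""
        now = self.clock()
        if now < self.paused_until:
            return False, "cps-pause"
        # Roll the rate window forward once a full second has elapsed.
        if now - self.window_start >= 1.0:
            self.window_start = now
            self.window_count = 0
        self.window_count += 1
        if self.window_count > self.cfg.cps_limit:
            # Too many attempts this second: stop accepting for a while so a
            # flood cannot keep the machine busy just forking and reaping.
            self.paused_until = now + self.cfg.cps_pause
            return False, "cps-exceeded"
        if self.active >= self.cfg.max_instances:
            return False, "instances"
        if self.by_source[src_ip] >= self.cfg.per_source:
            return False, "per_source"
        self.active += 1
        self.by_source[src_ip] += 1
        return True, "ok"

    def release(self, src_ip: str):
        """Account for a child exiting (what a SIGCHLD handler would call)."""
        self.active -= 1
        self.by_source[src_ip] -= 1
        if self.by_source[src_ip] == 0:
            del self.by_source[src_ip]


def simulate_burst(n: int, src_ip: str = "198.51.100.7", cfg: LimiterConfig = None):
    """Constructed scenario: n connections from one client arrive within the
    same second and none of them finish. Returns how many were accepted and
    why the rest were refused, so the effect of each limit is visible."""
    cfg = cfg or LimiterConfig()
    frozen_clock = [0.0]                       # time never advances in the burst
    limiter = ConnectionLimiter(cfg, clock=lambda: frozen_clock[0])
    tally = defaultdict(int)
    for _ in range(n):
        _accepted, reason = limiter.admit(src_ip)
        tally[reason] += 1
    return dict(tally)


if __name__ == "__main__":
    # 100 simultaneous attempts from one host: 10 served, the rest refused.
    print(simulate_burst(100))
```

Without such a check, every connection attempt costs the server a fork, and a stream of them from one host becomes exactly the process-exhaustion problem the article describes; with it, the host is capped at `per_source` children and the flood itself trips the rate limit, which is also the point at which a log line from the limiter makes the attack "easily detectable" as the post puts it.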