Vulnerability Development mailing list archives
Re: FreeBSD listen()
From: davids () WEBMASTER COM (David Schwartz)
Date: Thu, 28 Oct 1999 13:13:04 -0700
It makes no sense at all to use the listen backlog as any sort of security mechanism. If you only wish to accept one connection, only call 'accept' once.
http://www.nai.com/nai_labs/asp_set/advisory/ftp-paper.asp
This is about authentication. It has nothing to do with the number of connections.
and realized in exploit posted to Vuln-dev, see http://www.securityfocus.com/templates/archive.pike?list=82&date=1
999-10-15&msg=9628.991015 () SECURITY NNOV RU This is about active versus passive FTP. It has nothing to do with listen backlogs or connection counts. DS
Current thread:
- Re: ICQ 2000, (continued)
- Re: ICQ 2000 Sean Burford (Oct 25)
- Re: ICQ 2000 Brad Griffin (Oct 26)
- icq2000 Brad Griffin (Oct 26)
- Re: ICQ 2000 Damm, Mike (Oct 26)
- Re: ICQ 2000 Brad Griffin (Oct 26)
- FreeBSD listen() 3APA3A (Oct 27)
- Re: FreeBSD listen() CyberPsychotic (Oct 27)
- Re: FreeBSD listen() 3APA3A (Oct 29)
- Re: FreeBSD listen() Matthew S. Hallacy (Oct 30)
- Fw: Trojan/Worm on one of your pages and spams ICQ users. BrainMaster (Oct 28)
- Re: FreeBSD listen() David Schwartz (Oct 28)
- Re: FreeBSD listen() 3APA3A (Oct 29)
- Re: FreeBSD listen() David Schwartz (Oct 30)
- Re: FreeBSD listen() 3APA3A (Oct 31)
- Re: FreeBSD listen() Sebastian (Oct 28)
- Re: FreeBSD listen() 3APA3A (Oct 29)
- Re: FreeBSD listen() Warren Young (Oct 28)
- Re: ICQ 2000 Bernie Cosell (Oct 27)
- Re: ICQ 2000 Ripple (Oct 26)
- Re: ICQ 2000 Sean Burford (Oct 26)
- stealth executables Brad Griffin (Oct 26)