Re: Possible DoS against inetd in Solaris

["Nursten, Scott" <scott.nursten () STREETSONLINE CO UK>]

Hi,

Tested this against Solaris 7 on a 2Mb link. It didn't work. Also tried it from a Solaris 7 box to a Solaris 7 on a 
100Mb/s switched LAN, and it didn't work there either.

Sorry :)

Scott


On Wed, Nov 15, 2000 at 10:46:51AM +0000, Alla Bezroutchko wrote:
> Hi,
>
> I stumbled upon something that looks like a bug in inetd on Solaris. If
> a Solaris box is portscaned by nmap with -T Insane option (very quick
> scan) daemons that are started by inetd stop responding. That is you
> can connect to them, connection get accepted, by they don't display any
> banner or answer in any way. It stays that way until inetd is
> restarted. Other daemons (not started by inetd) seem to be unaffected
> by this.
>
> The effect depends on number of daemons enabled in inetd configuration.
> If only one daemon (ftp in my case) is enabled, nothing happens at all.
> Inetd with two daemons does hang but not always. Five daemons enabled
> make it hang every time.
>
> I tested this over a 10Mbps LAN against Solaris 7 and 8 on Sparc and
> Solaris 7 on Intel.  All three are affected.
>
> Don't know if it works over slower connections. It is also interesting
> if it only affects inetd, or any daemon that listens on multiple
> ports. Could someone test this?
>
> --
> Alla Bezroutchko
> Scanit Team
> http://www.scanit.be/

--
Scott Nursten - Systems Administrator
Streets Online Ltd.

Business:       +44 (0) 1293 402 040
Fax:            +44 (0) 1293 402 050
Email:          scottn () streetsonline co uk

     -------------------------------------------------------------------
     |    "Facts do not cease to exist because they are ignored."      |
     |                                             Aldous Huxley       |
     -------------------------------------------------------------------