

Re: Denial-of-service attack against INETD. Redhat 4.X and others...



On Tue, 26 Aug 1997 14:51:54 -0400, "D. Richard Hipp" wrote: 

>-----BEGIN PGP SIGNED MESSAGE-----
>
>Gentle People,
>
>I recently discovered a problem with the "inetd" running on RedHat
>Linux version 4.x that makes all services launched from inetd vulnerable
>to a denial-of-service attack.  I obtained a copy of the inetd
>source code, made changes to fix the problem, and am hereby releasing
>those changes back to the public.
>
>Note that I have only observed this problem in RedHat 4.X because that
>is all that I run at my site.  However the source code that I changed
>is generic BSD code from the 1980s.  I suspect that other Linux
>distributions, and other Unix systems, are running the same version
>of inetd and suffer from the same problem.
>
>The following TCL script illustrates the denial-of-service attack
>that my changes are intended to address:
>
>   for {set i 0} {$i<100} {incr i} {
>     set s [socket 127.0.0.1 23]
>     close $s
>   }
>
>Executing the above script will cause "telnet" service on the local
>host to be shut down for 10 minutes.  It is a simple matter to attack
>other services or hosts by changing the TCP port number or IP address.
>
>This attack originates from a "misfeature" of inetd.  (I call the
>problem a "misfeature" rather than a "bug" since someone went to a
>lot of trouble to put it in.)  If more than a given number (default 40)
>of requests for a service arrive within a 60 second interval, that
>service is shut down.  The listening socket is closed.  Attempts to
>use that service will result in a "Connection refused" error message.
>The service remains off for 10 minutes.  A system administrator
>can increase the turn-off threshold to a larger value (by adjusting
>the "max" parameter in /etc/inetd.conf), but the mechanism cannot be
>completely disabled.
>


This feature is actually really useful to me.

By monitoring whether or not I can connect to a service I can find out
when a site is issuing a DoS attack against me and firewall them off of my
network. If inetd doesn't behave this way, then I won't find out about the DoS
in the first place.

--
                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"Donnie were much more 'user-friendly'. May be you selective
       about friends:-)" -- Levente Farkas

"Hey, wait a minute, you clowns are on dope!"
	-- Owen Cheese in 'Shakes the Clown'
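To make the mechanism both posters are arguing about concrete, here is a small Python model of the inetd throttle as the quoted report describes it (more than "max" requests, default 40, inside a 60 second window closes the service for 10 minutes). It is an added example written for this page, not inetd's source and not code from either poster; the timings it feeds in are constructed and cover the burst pattern from the TCL script, a slow legitimate stream, and the raised "max" adjustment the report mentions.

```python
"""Model of the inetd throttle described in the thread: more than "max"
requests (default 40) to one service inside a 60 second window, and inetd
closes the listening socket for 10 minutes.  Added example, constructed timings."""
from dataclasses import dataclass, field
from typing import List, Optional

CNT_INTVL = 60.0     # counting window in seconds (from the text)
RETRY_TIME = 600.0   # service stays off this long, 10 minutes (from the text)
DEFAULT_MAX = 40     # default "max" in /etc/inetd.conf (from the text)


@dataclass
class ServiceThrottle:
    max_per_interval: int = DEFAULT_MAX
    count: int = 0
    window_start: float = 0.0
    disabled_until: Optional[float] = None
    trips: List[float] = field(default_factory=list)  # when the service was shut off

    def request(self, now: float) -> bool:
        """One connection at time `now`; True if served, False if refused."""
        if self.disabled_until is not None:
            if now < self.disabled_until:
                return False             # socket closed: "Connection refused"
            self.disabled_until = None   # 10 minutes are up, socket reopened
            self.count = 0
        if self.count == 0:
            self.window_start = now      # first hit opens a new counting window
        self.count += 1
        if self.count > self.max_per_interval:
            if now - self.window_start > CNT_INTVL:
                self.count, self.window_start = 1, now  # window expired, count afresh
            else:
                self.disabled_until = now + RETRY_TIME  # threshold hit: shut down
                self.trips.append(now)
                return False
        return True


def run_burst(n_conns: int, spacing: float, max_per_interval: int = DEFAULT_MAX):
    """Feed n_conns connections `spacing` seconds apart; return (served, refused, tripped)."""
    t = ServiceThrottle(max_per_interval)
    results = [t.request(i * spacing) for i in range(n_conns)]
    return results.count(True), results.count(False), bool(t.trips)


if __name__ == "__main__":
    print("100 conns in 0.1 s, max=40 :", run_burst(100, 0.001))       # (40, 60, True)
    print("100 conns 2 s apart, max=40:", run_burst(100, 2.0))         # (100, 0, False)
    print("100 conns in 0.1 s, max=200:", run_burst(100, 0.001, 200))  # (100, 0, False)
```

The `trips` list is the event the reply above relies on for detection: a monitor that sees the service flip to "Connection refused" learns a burst happened, while raising "max" only moves the threshold and never removes the shutdown.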



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .