Bugtraq mailing list archives
Re: denial of service - inetd on solaris 2.4?
From: bpowell () topsun West Sun COM (Brad Powell)
Date: Fri, 24 May 1996 08:45:51 -0700
From owner-bugtraq () NETSPACE ORG Thu May 23 23:12:14 1996 Approved-By: ALEPH1 () UNDERGROUND ORG Approved-By: Justin Beech <jb.sg () FP CIBC COM> Date: Fri, 24 May 1996 09:56:48 +0800 From: Justin Beech <jb.sg () fp cibc com> Subject: denial of service - inetd on solaris 2.4? To: Multiple recipients of list BUGTRAQ <BUGTRAQ () NETSPACE ORG> I discovered on our solaris 2.4 boxes, that if you telnet to the discard port, then quit telnet (using control-right-bracket and quit), you leave a single inetd running in an infinite read loop. Do this twice, and you get two inetds running...
yeah we found the same thing when building WAN probeing tools. :-)
obviously you can quickly bog the machine down to a standstill.. This doesnt happen on solaris 2.5, so I guess it is some inetd bug thats been fixed? anyone know a 2.4 patch for this?
Patch-ID# 102922-03 Synopsis: SunOS 5.4: inetd fixes BugId's fixed with this patch: 1175129 1202603 1217754 Changes incorporated in this version: 1217754 You should probably just turn off echo, discard, daytime and chargen as well. From the comment in inetd.conf: # Echo, discard, daytime, and chargen are used primarily for testing.
Also: what I havent seen mentioned yet, the denial of service attack is not just to bring down a box.. if one is employed on Host A, which is trusted by Host B, then this allows the network clear for the bad guy to impersonate Host A, (the real Host A being effectively muzzled), thus get into Host B. If I remember correctly, this was one of Mitnicks tricks against Shimomuras collection of machines.
close enough. :-). This could potentially be used to bog down a NIS or other server to allow a faster response from a "bad guy" host. e.g., using denial of services to hedge a race condition. ======================================================================= Brad Powell : brad.powell () Sun COM Sr. Network Security Consultant Sun Microsystems Inc. ======================================================================= The views expressed are those of the author and may not reflect the views of Sun Microsystems Inc. =======================================================================
Current thread:
- denial of service - inetd on solaris 2.4? Justin Beech (May 23)
- Re: denial of service - inetd on solaris 2.4? Casper Dik (May 24)
- <Possible follow-ups>
- Re: denial of service - inetd on solaris 2.4? Brad Powell (May 24)
- Re: denial of service - inetd on solaris 2.4? Jack Flory (May 24)
- Re: denial of service - inetd on solaris 2.4? Brett Lymn (May 26)
- netscape remote control - so what? Justin Beech (May 26)
- Re: netscape remote control - so what? martinh () mailhost emap co uk (May 28)
- Re: denial of service - inetd on solaris 2.4? Peter Skopp (May 27)