Bugtraq mailing list archives
Re: TCPwrappers race condition
From: nicolai-bugtraq () UUNET PIPEX COM (Nicolai E M Plum)
Date: Fri, 3 Oct 1997 10:06:12 -0000
Thamer Al-Herbish writes:
TCPwrappers do a getpeername() after bieng passed the socket descriptor from inetd. On some OSs this can cause a problem, atleast on SCO. It seems that if you connect real fast, and disconnect (just connect() then exit()). It winds up logging "unknown" as the hostname. This is because by the time tcpwrappers get to make that call the OS has already gotten a FIN and closed off the connection. I verfied this with a sniffer.
This can also happen on Solaris and SunOS. We have had people connected on dialup lines use a piece of software called ``Ponger32''. It claims to ping a remote host to keep a line up, but actually makes a very short TCP connection as described above (not very good design). This causes a stream of notifications from TCPwrappers, but since TCPwrappers should reject connections that cannot be authenticated, it does not weaken security, but does cause a nuisance. And indeed the only way to work out what is actually going on is to snoop the network. Nicolai
Current thread:
- IE4 and channels Alan Cox (Oct 02)
- TCPwrappers race condition Thamer Al-Herbish (Sep 28)
- Re: TCPwrappers race condition Nicolai E M Plum (Oct 03)
- Re: TCPwrappers race condition Wietse Venema (Oct 03)
- Re: TCPwrappers race condition John W. Temples (Oct 03)
- Re: TCPwrappers race condition Wietse Venema (Oct 03)
- Majordomo 1.94.4 released -- SECURITY FIXES Aleph One (Oct 03)
- web.sql vulnerability Aleph One (Oct 03)
- TCPwrappers race condition Thamer Al-Herbish (Sep 28)
- IE4 and channels Jon Cargille (Oct 02)
- <Possible follow-ups>
- Re: IE4 and channels Phillip Hallam-Baker (Oct 02)