Bugtraq mailing list archives
Re: inetd DoS exploit
From: David Malone <dwmalone () MATHS TCD IE>
Date: Tue, 27 Feb 2001 19:33:41 +0000
On Mon, Feb 26, 2001 at 04:39:58PM -0500, Jose Nazario wrote:
> 3] move to xinetd or other similar programs which have rate limiting. solar designer has a neat-o patch for xinetd that can do max-per-IP limits. very nice ... :)
FreeBSD's inetd has a selection of features like this (maximum number of invocations of a service, max number of invocations per minute and the max number of invocations per minute per ip). I think these features must be relatively recent additions to inetd 'cos the syntax for them is slightly different in FreeBSD and OpenBSD. (A little poking around CVS trees shows that the max-child feature was originally added in NetBSD in 1993 and added to FreeBSD in 1996. The overall rate limit and rate/ip limit may have originated in FreeBSD at a later date - possibly cogged from xinetd.)

David.
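The three kinds of limit named in the message above (maximum invocations of a service, invocations per minute, and invocations per minute per IP) can be modelled as one admission check. This is an added example, not part of the original post and not inetd's code or configuration syntax; the class and function names, the order of the checks, the sliding 60-second window, the limit values and the sample traffic are all assumptions made for the illustration.

```python
from collections import deque

WINDOW = 60.0  # seconds: the "per minute" in the message

def expire(q, now):
    # Drop start times that have aged out of the window.
    while q and now - q[0] >= WINDOW:
        q.popleft()

class ServiceLimiter:
    """Toy model of the three limits; names and check order are assumptions."""
    def __init__(self, max_child, max_per_min, max_per_ip_per_min):
        self.max_child, self.max_per_min = max_child, max_per_min
        self.max_per_ip_per_min = max_per_ip_per_min
        self.children = 0      # server processes currently running
        self.recent = deque()  # start times of accepted invocations, any source
        self.by_ip = {}        # source address -> deque of its start times

    def admit(self, ip, now):
        per_ip = self.by_ip.get(ip, deque())
        expire(self.recent, now)
        expire(per_ip, now)
        if len(per_ip) >= self.max_per_ip_per_min:
            return "reject: per-ip rate"    # one source is too busy
        if len(self.recent) >= self.max_per_min:
            return "reject: service rate"   # the service as a whole is too busy
        if self.children >= self.max_child:
            return "reject: max-child"      # too many servers still running
        self.recent.append(now)             # only accepted invocations are counted
        per_ip.append(now)
        self.by_ip[ip] = per_ip
        self.children += 1
        return "accept"

    def child_exited(self):
        self.children = max(0, self.children - 1)

def replay(limiter, events):
    verdicts = []
    for ev in events:
        if ev[0] == "conn":                 # ("conn", time, source address)
            verdicts.append(limiter.admit(ev[2], ev[1]))
        else:                               # ("exit",): one server finished
            limiter.child_exited()
    return verdicts

# Constructed traffic (RFC 5737 documentation addresses), not from the thread.
A, B, C, D, E = (f"192.0.2.{n}" for n in range(1, 6))
SAMPLE = [("conn", 0, A), ("conn", 1, A), ("conn", 2, A), ("conn", 3, B),
          ("conn", 4, C), ("exit",), ("conn", 5, C), ("exit",), ("exit",),
          ("conn", 6, D), ("conn", 7, E), ("conn", 61, A)]
```

Replaying `SAMPLE` through `ServiceLimiter(3, 5, 2)` shows each limit firing in turn: the third connection from one address hits the per-IP rate, a fourth concurrent server hits max-child, and a sixth invocation inside the minute hits the overall rate.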