Bugtraq mailing list archives
Re: 11 years of inetd default insecurity?
From: "Andres Kroonmaa" <andre () online ee>
Date: Wed, 10 Sep 2003 09:40:21 +0300
On 8 Sep 2003, at 12:44, Dan Stromberg <strombrg () dcs nac uci edu> wrote:
> So DJB's program basically has a large listen queue, and goes into queue-only mode after 40 concurrent connections? If that's the case, then there's still a DOS - just fill the listen queue with so much stuff that connections aren't serviced for a long time.

I wonder how many years it takes for people to realise that DOS based on service flooding is not something you can be immune to. Does it really take one DDOS per person to realise this simple truth? For every single method you invent there are 10 other methods to smash your box into nirvana anyway.

Purpose of inetd was never security, nor protection of box from stupid applications it is called to start that can consume all resources. Inetd fulfills its purpose. If you need more, you need something else. If you want security separation, use state-tracking firewall. If you want to be immune from DOS, unplug from internet. All else is pointless whining. Imagining that inetd should evolve into strong firewall is as bizarre as it can get.

------------------------------------
Andres Kroonmaa <andre () online ee>
CTO, Microlink Data AS
Tel: 6501 731, Fax: 6501 725
Pärnu mnt. 158, Tallinn 11317 Estonia