Nmap Announce mailing list archives
Re: Sun finally releases patch for nmap inetd denial of service issue
From: <lamont () icopyright com>
Date: Mon, 25 Sep 2000 11:17:22 -0700 (PDT)
The one-line description of the problem "accept() hangs after successful select()" makes it sound more like its an OS issue than an inetd bug. That would be an important clarification, since it would affect other programs as well. On Mon, 25 Sep 2000, Alek O. Komarnitsky (N-CSC) wrote:
There was some Email discussion a while ago about running nmap can cause problems for inetd. Specifically, I've was able to reliabily cause a small percentage (5-10%) of "scanned" machines to "hang" inetd ... so that subsequent connections were hung. I'm just basically doing a single TCP port scan at something that is handled by inetd (rather than a standalone process). You can usually "unfreeze" it by doing a 'echo "" | telnet HOSTNAME PORTNUMBER' There was a patch for HPUX (PHNE_16832) that fixed this problem there. On Sun Solaris, there was an issue with inetd actually DYING, but that was fixed some time ago ... but the "hanging" inetd continues. Good News: Sun recently released Patch 109104-04 ... which based on my testing of 50+ machines, *DOES* fix the problem. I.e. I can nmap these puppies to death and inetd doesn't blink an eye - the README says: 4337605 inetd Denial of Service Attack - accept() hangs after successful select() Bad News: This patch is for Solaris 2.7 ONLY ... I've had some discussions with Sun and "suggested" they release 2.6 & 2.8 versions; since I can reliably "hang up" inetd 5-10% of the time on those. I've got about 500 of these machines (all recently patched), so a semi-decent testbed to use! ;-) I'll let folks know what I hear about 2.6 & 2.8 patch availability. alek P.S. Pls note that this is NOT nmap's "fault" ... but rather buggy inetd; which should be more robust. -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
-------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Sun finally releases patch for nmap inetd denial of service issue Alek O. Komarnitsky (N-CSC) (Sep 25)
- Re: Sun finally releases patch for nmap inetd denial of service issue lamont (Sep 25)
- <Possible follow-ups>
- Re: Sun finally releases patch for nmap inetd denial of service issue Alek O. Komarnitsky (N-CSC) (Sep 25)