Nmap Announce mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sun finally releases patch for nmap inetd denial of service issue

From: <lamont () icopyright com>
Date: Mon, 25 Sep 2000 11:17:22 -0700 (PDT)

The one-line description of the problem "accept() hangs after successful
select()" makes it sound more like its an OS issue than an inetd bug.  
That would be an important clarification, since it would affect other
programs as well.

On Mon, 25 Sep 2000, Alek O. Komarnitsky (N-CSC) wrote:

There was some Email discussion a while ago about running nmap
can cause problems for inetd. Specifically, I've was able to
reliabily cause a small percentage (5-10%) of "scanned" machines 
to "hang" inetd ... so that subsequent connections were hung.
I'm just basically doing a single TCP port scan at something that is
handled by inetd (rather than a standalone process). You can usually
"unfreeze" it by doing a 'echo "" | telnet HOSTNAME PORTNUMBER'


There was a patch for HPUX (PHNE_16832) that fixed this problem there.


On Sun Solaris, there was an issue with inetd actually DYING, but that
was fixed some time ago ... but the "hanging" inetd continues. 

Good News: Sun recently released Patch 109104-04 ... which based on
my testing of 50+ machines, *DOES* fix the problem. I.e. I can nmap
these puppies to death and inetd doesn't blink an eye - the README says:
   4337605 inetd Denial of Service Attack - accept() hangs after successful select()


Bad News: This patch is for Solaris 2.7 ONLY ... I've had some
discussions with Sun and "suggested" they release 2.6 & 2.8 versions;
since I can reliably "hang up" inetd 5-10% of the time on those.
I've got about 500 of these machines (all recently patched),
so a semi-decent testbed to use!   ;-)


I'll let folks know what I hear about 2.6 & 2.8 patch availability.
alek

P.S. Pls note that this is NOT nmap's "fault" ... but rather buggy inetd;
which should be more robust.

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).




--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Previous By Date Next
Previous By Thread Next

Current thread: