Vulnerability Development mailing list archives
Re: DOS on inetd w/ nmap
From: lamont () SECURITY HP COM (LaMont Jones)
Date: Tue, 25 Apr 2000 09:34:58 -0600
The problem is that inetd will abort when too many connections are made. This is an old problem that appears to still be a problem even on some newer OSes, specifically IRIX (*all* 6.2-6.5, others?), some HP-UX (B.10.20, but only on some machines... dunno why), and of course old SunOS 4.1.3/4.1.4 machines (only some!). You must then log on at the console (unless you had a remote window open to the machine prior to inetd exiting) and either restard inetd or reboot the machine.
I believe that if you go back about 2 or 3 years, most, if not all, of the vendors issued inetd patches to correct this vulnerability: I know that the ones you mentioned did. If I remember the bugtraq postings of the time, the problem came from internal services not expecting the socket to go away before they got around to servicing the request. Therefore, one workaround is to disable __ALL__ of the internal services in inetd.conf. The better workaround is to install the security patch that the vendor released 2 or 3 years ago. I expect that your "only some" situations above are either differences in patches, or else luck of timing windows. lamont Just speaking for myself, of course.
Current thread:
- Re: network appliance..., (continued)
- Re: network appliance... Dom De Vitto (Apr 12)
- Re: network appliance... Hull, Dave (Apr 12)
- Re: network appliance... John Hall (Apr 12)
- Re: network appliance... Paul Taylor (Apr 12)
- Re: network appliance... Crother, Mark (Apr 12)
- Re: network appliance... Marc Slemko (Apr 13)
- Re: network appliance... Stuart Henderson (Apr 17)
- Re: network appliance... James Grinter (Apr 24)
- DOS on inetd w/ nmap Clifford, Shawn A (Apr 24)
- Re: DOS on inetd w/ nmap Roelof Temmingh (Apr 25)
- Re: DOS on inetd w/ nmap LaMont Jones (Apr 25)
- Re: DOS on inetd w/ nmap Richard Johnson (Apr 25)
- Info about Microsoft Exchange application protocol Bobby, Paul (Apr 24)
- Re: Info about Microsoft Exchange application protocol Walter Williams (Apr 24)
- Re: network appliance... Stuart Henderson (Apr 17)