Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Naptha - New DoS

From: Jonas Thambert <JonasT () GULD SPRAY SE>
Date: Fri, 8 Dec 2000 10:57:32 +0100
Ofcourse using xinetd enables you
to put a limit on incoming connection, wich
is very nice, but still there are way to many
standalone services that are vulnerable to this attack.

So xinetd isnt the one and only solution..

/Jonas



-----Original Message-----
From: White Vampire [mailto:whitevampire () MINDLESS COM]
Sent: den 7 december 2000 18:17
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Naptha - New DoS


On Thu, Dec 07, 2000 at 05:38:34PM +0100, Carl-Johan
Bostorp(ctor () krixor xy org) wrote:

    I find it rather odd that this has yet to be mentioned on
Bugtraq.


        I have since changed my mind.  I find it in poor taste.


I don't. As the advisory itself says - the problem is ancient. Only new

thing

seems to be someone finally sat down and did what everybody else thought

of

(or had done but not released =)). More of a thing for security-incidents.



        This concept is ancient, NAPTHA however has a new twist.  It
should be taken more seriously.


I've been using xinetd for ages to have protection from this type of

attack.

        inetd is not the only daemon affected by this attack.

Regards,
--
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."
Previous By Date Next
Previous By Thread Next

Current thread: