Bugtraq mailing list archives

Re: denial of service - inetd on solaris 2.4?

From: bpowell () topsun West Sun COM (Brad Powell)
Date: Fri, 24 May 1996 08:45:51 -0700

From owner-bugtraq () NETSPACE ORG  Thu May 23 23:12:14 1996
Approved-By: ALEPH1 () UNDERGROUND ORG
Approved-By:  Justin Beech <jb.sg () FP CIBC COM>
Date:         Fri, 24 May 1996 09:56:48 +0800
From: Justin Beech <jb.sg () fp cibc com>
Subject:      denial of service - inetd on solaris 2.4?
To: Multiple recipients of list BUGTRAQ <BUGTRAQ () NETSPACE ORG>

I discovered on our solaris 2.4 boxes, that if you telnet to
the discard port, then quit telnet (using control-right-bracket
and quit), you leave a single inetd running in an infinite
read loop. Do this twice, and you get two inetds running...


yeah we found the same thing when building WAN probeing tools.
:-)


obviously you can quickly bog the machine down to a standstill..
This doesnt happen on solaris 2.5, so I guess it is some
inetd bug thats been fixed? anyone know a 2.4 patch for this?


Patch-ID# 102922-03
Synopsis: SunOS 5.4: inetd fixes
BugId's fixed with this patch: 1175129 1202603 1217754
Changes incorporated in this version: 1217754

You should probably just turn off echo, discard, daytime and chargen
as well. From the comment in inetd.conf:
# Echo, discard, daytime, and chargen are used primarily for testing.


Also: what I havent seen mentioned yet, the denial of service
attack is not just to bring down a box.. if one is employed on
Host A, which is trusted by Host B, then this allows
the network clear for the bad guy to impersonate Host A, (the
real Host A being effectively muzzled), thus get into
Host B.
If I remember correctly, this was one of Mitnicks tricks
against Shimomuras collection of machines.



close enough. :-). This could potentially be used to bog down a
NIS or other server to allow a faster response from a "bad guy" host.

e.g., using denial of services to hedge a race condition.

=======================================================================
Brad Powell : brad.powell () Sun COM
Sr. Network Security Consultant
Sun Microsystems Inc.
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================

Current thread:

denial of service - inetd on solaris 2.4? Justin Beech (May 23)
- Re: denial of service - inetd on solaris 2.4? Casper Dik (May 24)
- <Possible follow-ups>
- Re: denial of service - inetd on solaris 2.4? Brad Powell (May 24)
  - Re: denial of service - inetd on solaris 2.4? Jack Flory (May 24)
  - Re: denial of service - inetd on solaris 2.4? Brett Lymn (May 26)
  - netscape remote control - so what? Justin Beech (May 26)
    - Re: netscape remote control - so what? martinh () mailhost emap co uk (May 28)
- Re: denial of service - inetd on solaris 2.4? Peter Skopp (May 27)