Bugtraq mailing list archives
Re: Nmap network auditing/exploring tool V. 2.00 released
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Wed, 23 Dec 1998 10:12:57 +0100
Another nmap-induced denial-of-service is against many machines' inetds when doing a TCP connect() scan (-sT) with the result of killing the inetd process. I've found that Digital Unix and Irix have been vulnerable to this. I cannot reliably reproduce the problem[*] and have not tested it against xinetd.
The TCP scan seems to be widespread under inetd. It's caused by the inetd "internal" TCP services; when a connection is made and closed before a response can be sent, inetd will die with SIGPIPE. This affects the services that do not fork() prior to running; discard, echo and chargen do fork(), I believe, but time and daytime only send a single response and fork()ing wasn't deemed necessary. It does affect Solaris prior to Solaris 7 (where it was fixed before it was understood how easy it was to trigger).

Casper
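The failure mode described in the message above (a single-reply service answering in-process on a connection the peer has already closed) is avoided by ignoring SIGPIPE and handling the resulting EPIPE. The following is an added example, not code from the original message or from any vendor's inetd; the function names are hypothetical and a `socketpair()` stands in for an accepted TCP connection.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

enum { REPLY_OK = 0, REPLY_PEER_GONE = 1, REPLY_ERROR = 2 };

/* Call once at start-up, before any connection is served in-process. */
void ignore_sigpipe(void) {
    signal(SIGPIPE, SIG_IGN);  /* write() now fails with EPIPE instead of killing us */
}

/* Hypothetical helper: send one daytime-style line on fd without fork(). */
int send_daytime_reply(int fd) {
    char buf[64];
    time_t now = time(NULL);
    size_t len = strftime(buf, sizeof buf, "%a %b %d %H:%M:%S %Y\r\n", gmtime(&now));
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n > 0) { off += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;       /* interrupted, retry */
        if (n < 0 && (errno == EPIPE || errno == ECONNRESET))
            return REPLY_PEER_GONE;                  /* client left; drop it, keep serving */
        return REPLY_ERROR;
    }
    return REPLY_OK;
}

/* Constructed scenario: the peer end is closed before the reply is written. */
int simulate(int peer_closes_first) {
    int sv[2];
    ignore_sigpipe();
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return REPLY_ERROR;
    if (peer_closes_first) close(sv[1]);
    int rc = send_daytime_reply(sv[0]);
    close(sv[0]);
    if (!peer_closes_first) close(sv[1]);
    return rc;
}

int main(void) {
    int live = simulate(0), closed = simulate(1);
    printf("live peer: %d, closed peer: %d\n", live, closed);
    return 0;
}
```

Without the `ignore_sigpipe()` call, the default SIGPIPE disposition terminates the whole process on the closed-peer write, which is the behaviour the message describes.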