Bugtraq mailing list archives
DOS against SuSE's identd
From: peter () IFM LIU SE (Peter Eriksson)
Date: Tue, 17 Aug 1999 10:56:46 +0200
Hendrik Scholz <hendrik () SCHOLZ NET> writes:
The inetd.conf starts the identd with the options -w -t120 -e. This means that one identd process waits 120 seconds after answering the first request to answer later request. Lets say we start 100 requests in a short period. Due to the fact that it takes time to answer one request more identd's will be started each eating up about 900kb memory and waiting 120 seconds before terminating. I tested this behaviour on different machines with different hardware (RAM, Swap, NIC). Each machine becomes unusable after some seconds. This bug is in _every_ SuSE Version at least since 4.4. SuSE seems not to be interested in this bug becaus they did not answer any of my mails.
This bug is probably due to some incompatibility between SuSE's inetd daemons handling of 'stream tcp' & 'wait' servers and the way Pidentd expects it to be handled. The "normal" (as normal as it can be since 'stream tcp wait' normally is not a supported configuration) thing that should happen is that Inetd should start _one_ Pidentd, which then should handle all new requests in sub-processes, which should die immediately after the request has been handled. In the Suse case it seems (my guess) that Inetd keeps on starting new Pidentd's... Anyway, I nowadays _generally_ recommend people to stay away from the "-w" stuff in Pidentd due to the problems with the behaviours of various Inetd implementations... I recommend instead that people get the latest version of Pidentd (version 3.0.7 as of this writing) which uses multithreaded instead of forking subprocesses - this can reduce the load on systems significantly). Pidentd 3.0.7 (and later) can be downloaded from: ftp://ftp.lysator.liu.se/pub/ident/servers Here's the PGP Signature of that file: -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: D750KrTMC9lSc8xPJqIOoI5ldgh6QDYj iQCVAwUAN7c0a0GVHk0UMIghAQH7/wP8DV9NyDrPxMfa8lxSRMrGK8/kNSeKU+Z0 G+eX267t7WpjlP3puVchb7lp7zbtYlJhd6jyuxzwFJrGZs6GJGgT8B6vtFYqfYFm 9n5DAylzrTezWYUEkTQpy4UV+w1gVTa7+/qJcbkTm2rJaPaxp11duf0NH9zOhGZG gzfAOgkXMrU= =Mfo4 -----END PGP SIGNATURE----- /Peter (The Pidentd author)
Current thread:
- DOS against SuSE's identd Peter Eriksson (Aug 17)