Re: inetd DoS exploit

[Peter Werner <peterw () DOCUMENTA COM AU>]

NAME
     inetd - internet ``super-server''

SYNOPSIS
     inetd [-d] [-R rate] [configuration file]

....

    -R rate
             Specify the maximum number of times a service can be
invoked in
             one minute; the default is 256.

isnt this a feature of inetd?

ie, it stops answering request's for a service when the maximum
number has been reached?

did you wait ~10 minutes to try reconnect? or does inetd/box
actually need to be restarted?

----- Original Message -----
From: Serega[linux] <linux () IHGROUP RU>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Monday, February 26, 2001 3:26 AM
Subject: [BUGTRAQ] inetd DoS exploit


> Name:  inetd DoS exploit
> Author: Serega[Linux]
>
>
> [ser@ihg prog]$ ./pscaner -h 127.0.0.1      /* it's my port scaner
*/
> Open ports on [127.0.0.1]
> -----------------------------
> [21] OPEN : 220 ihg.localhost FTP server (Version wu-6.6.6(5) Sat
Feb 17 15:10:44 MSK 2001) ready.
> [23] OPEN :
> [25] OPEN : 220 ihg.localhost ESMTP Sendmail 8.11.0/8.11.0; Sun,
25 Feb 2001 18:58:36 +0300
> -----------------------------
>
> [ser@ihg prog]$ telnet 127.0.0.1 21
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> 220 ihg.localhost FTP server (Version wu-6.6.6(5) Sat Feb 17
15:10:44 MSK 2001) ready.
> [ser@ihg prog]$ cc inetddos.c -o inetddos
> [ser@ihg prog]$ ./inetddos 127.0.0.1 21
> DoS OK
> [ser@ihg prog]$ telnet 127.0.0.1 21
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
> [ser@ihg prog]$ telnet 127.0.0.1 23
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> login:
>
> [ser@ihg prog]$ ./inetddos 127.0.0.1 23
> DoS OK
> [ser@ihg prog]$ telnet 127.0.0.1 23
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> --
> /*
>  * mailto:linux () ihgroup ru
>  * ICQ: 64432299
>  * Home Page: http://127.0.0.1
> */