Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 11 years of inetd default insecurity?

From: Darren Pilgrim <dmp () bitfreak org>
Date: Tue, 9 Sep 2003 10:17:12 -0700
On 2003.09.06 18:08:22 +0400, 3APA3A <3APA3A () SECURITY NNOV RU> wrote:

II. Who is vulnerable

Any system shipped with network daemons launched through inetd
(FreeBSD, SuSE, Red Hat, etc.).


FreeBSD doesn't run anything through inetd by default.  You have to
manually edit inetd.conf to enable anything, and there is a warning
screen during the install process about doing so.

Additionally, FreeBSD's stock inetd has the following options:

     -c maximum
             Specify the default maximum number of simultaneous
             invocations of each service; the default is unlimited.
             May be overridden on a per-service basis with the
             "max-child" parameter.

     -C rate
             Specify the default maximum number of times a service can
             be invoked from a single IP address in one minute; the
             default is unlimited.  May be overridden on a per-service
             basis with the "max-connections-per-ip-per-minute"
             parameter.

     -R rate
             Specify the maximum number of times a service can be
             invoked in one minute; the default is 256.  A rate of 0
             allows an unlimited number of invocations.

     -s maximum
             Specify the default maximum number of simultaneous
             invocations of each service from a single IP address; the
             default is unlimited.  May be overridden on a per-service
             basis with the "max-child-per-ip" parameter.
Previous By Date Next
Previous By Thread Next

Current thread: