Bugtraq mailing list archives
Re: 11 years of inetd default insecurity?
From: Mike Hoskins <mike () adept org>
Date: Mon, 8 Sep 2003 15:46:37 -0700 (PDT)
On Sun, 7 Sep 2003, Dagmar d'Surreal wrote:
> I see... So you feel it's better to simply dare an attacker to try to
> invoke three hundred bajillion copies of say, fingerd. How novel. I can
> only hope the majority on the list realize why following your suggestion
> is very bad.

luckily, i think anyone that actually reads the entire man page would understand that. ;) from FreeBSD's inetd(8),

"
-c maximum
    Specify the default maximum number of simultaneous invocations of each service; the default is unlimited. May be overridden on a per-service basis with the "max-child" parameter.

-C rate
    Specify the default maximum number of times a service can be invoked from a single IP address in one minute; the default is unlimited. May be overridden on a per-service basis with the "max-connections-per-ip-per-minute" parameter.

-R rate
    Specify the maximum number of times a service can be invoked in one minute; the default is 256. A rate of 0 allows an unlimited number of invocations.

-s maximum
    Specify the default maximum number of simultaneous invocations of each service from a single IP address; the default is unlimited. May be overridden on a per-service basis with the "max-child-per-ip" parameter.
"

so there are much better ways to address the problem in modern inetds. also, OS' i use make installing inetd at all optional. furthermore, many Linux' i'm familiar with make xinetd the default... so this is anything but 'default insecurity'.

-mrh

--
From: "Spam Catcher" <spam-catcher () adept org>
To: spam-catcher () adept org
Do NOT send email to the address listed above or you will be added to a blacklist!
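
Added example (not part of the original post or of FreeBSD's code): a small audit that lists which nowait services in an inetd.conf still run with the "unlimited" defaults quoted above. It assumes the FreeBSD field syntax `nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]`; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample inetd.conf (assumed FreeBSD syntax), not taken from the post.
SAMPLE = """\
# service type proto wait[/limits] user program args
finger   stream  tcp  nowait          nobody  /usr/libexec/fingerd  fingerd -s
ftp      stream  tcp  nowait/10/30/2  root    /usr/libexec/ftpd     ftpd -l
daytime  dgram   udp  wait            root    internal
ident    stream  tcp  nowait/5        root    internal
"""

# Per-service parameters in field order, and the inetd flag that sets each default.
LIMITS = ("max-child", "max-connections-per-ip-per-minute", "max-child-per-ip")
FLAG_FOR = dict(zip(LIMITS, ("-c", "-C", "-s")))

def parse_wait_field(field):
    """Split e.g. 'nowait/10/30/2' into the mode and the limits it sets."""
    mode, *nums = field.split("/")
    if mode not in ("wait", "nowait") or len(nums) > len(LIMITS):
        raise ValueError(f"bad wait field: {field!r}")
    return mode, {name: int(n) for name, n in zip(LIMITS, nums)}

def audit(conf_text, flags=None):
    """Return {service/proto: [limits left unlimited]} for nowait services.

    flags holds the defaults inetd was started with, e.g. {"-C": 60}.
    A limit is reported when neither the service line nor a flag sets it.
    """
    flags = flags or {}
    findings = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:          # not a complete service entry
            continue
        mode, per_service = parse_wait_field(fields[3])
        if mode != "nowait":         # this check only covers one-child-per-connection services
            continue
        missing = [n for n in LIMITS
                   if n not in per_service and FLAG_FOR[n] not in flags]
        if missing:
            findings[f"{fields[0]}/{fields[2]}"] = missing
    return findings

if __name__ == "__main__":
    for service, missing in audit(SAMPLE, {"-C": 60}).items():
        print(f"{service}: unlimited {', '.join(missing)}")
```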