[1038] in linux-security and linux-alert archive
Re: [linux-security] inetd and denial-of-service
daemon@ATHENA.MIT.EDU (David Holland)
Wed Aug 21 06:31:35 1996
From: David Holland <dholland@hcs.HARVARD.EDU>
To: j@pobox.com
Date: Tue, 20 Aug 1996 15:41:49 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.960819184623.22341H-100000@blackhole.mordor> from "Joel Maslak" at Aug 19, 96 07:33:38 pm
>
>
> This is a message I saw on the kernel mailing list:
>
> On Fri, 16 Aug 1996, Klaus Lichtenwalder wrote:
>
> > I have an application that for simplicity backs up new files from a file
> > server via rsh. Things thingy stops after a few rsh calls to the remote
> > Linux machine. The following message can be found in syslog:
> >
> > Aug 16 17:53:59 gaston inetd[73]: shell/tcp server failing (looping),
> > service terminated
> [...]
>
> Obviously, this could be a denial of service attack.
If you have problems with it, having cron send inetd a SIGHUP every
fifteen minutes or so should cure the problem. This is gross, though.
> [REW: I couldn't reproduce the "terminating service" on my slackware
> distribution. It seems to have the same 1.1 version of inetd. I suspect
> that the machine is too slow to accept more than 40 requests per minute.
>
> I'd rather have the "init" behaviour: "id "c1" respawning too fast:
> Disabled for 5 minutes"]
This has been added to the to-do list for inetd.
--
- David A. Holland | Number of words in the English language that
dholland@hcs.harvard.edu | exist because of typos or misreadings: 381