[1038] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] inetd and denial-of-service

daemon@ATHENA.MIT.EDU (David Holland)
Wed Aug 21 06:31:35 1996

From: David Holland <dholland@hcs.HARVARD.EDU>
To: j@pobox.com
Date: Tue, 20 Aug 1996 15:41:49 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.960819184623.22341H-100000@blackhole.mordor> from "Joel Maslak" at Aug 19, 96 07:33:38 pm

 > 
 > 
 > This is a message I saw on the kernel mailing list:
 > 
 > On Fri, 16 Aug 1996, Klaus Lichtenwalder wrote:
 > 
 > > I have an application that for simplicity backs up new files from a file
 > > server via rsh. Things thingy stops after a few rsh calls to the remote
 > > Linux machine. The following message can be found in syslog:
 > > 
 > > Aug 16 17:53:59 gaston inetd[73]: shell/tcp server failing (looping),
 > > service terminated
 >  [...]
 >
 > Obviously, this could be a denial of service attack.

If you have problems with it, having cron send inetd a SIGHUP every
fifteen minutes or so should cure the problem. This is gross, though.

 > [REW: I couldn't reproduce the "terminating service" on my slackware
 > distribution. It seems to have the same 1.1 version of inetd. I suspect
 > that the machine is too slow to accept more than 40 requests per minute.
 > 
 > I'd rather have the "init" behaviour: "id "c1" respawning too fast:
 > Disabled for 5 minutes"]

This has been added to the to-do list for inetd.

-- 
   - David A. Holland          | Number of words in the English language that
     dholland@hcs.harvard.edu  | exist because of typos or misreadings: 381

home help back first fref pref prev next nref lref last post