[1052] in linux-security and linux-alert archive
Re: [linux-security] inetd and denial-of-service
daemon@ATHENA.MIT.EDU (Peter Tobias)
Thu Aug 22 07:17:26 1996
To: dholland@hcs.HARVARD.EDU (David Holland)
Date: Wed, 21 Aug 1996 18:39:19 +0200 (MET DST)
From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
Cc: j@pobox.com, linux-security@tarsier.cv.nrao.edu
Reply-To: tobias@et-inf.fho-emden.de
In-Reply-To: <199608201941.PAA21576@hcs.harvard.edu> from "David Holland" at Aug 20, 96 03:41:49 pm

David Holland wrote:
> > This is a message I saw on the kernel mailing list:
> >
> > On Fri, 16 Aug 1996, Klaus Lichtenwalder wrote:
> >
> > > I have an application that for simplicity backs up new files from a file
> > > server via rsh. This thingy stops after a few rsh calls to the remote
> > > Linux machine. The following message can be found in syslog:
> > >
> > > Aug 16 17:53:59 gaston inetd[73]: shell/tcp server failing (looping),
> > > service terminated
> > [...]
> >
> > Obviously, this could be a denial of service attack.
>
> If you have problems with it, having cron send inetd a SIGHUP every
> fifteen minutes or so should cure the problem. This is gross, though.
>
> > [REW: I couldn't reproduce the "terminating service" on my slackware
> > distribution. It seems to have the same 1.1 version of inetd. I suspect
> > that the machine is too slow to accept more than 40 requests per minute.
> >
> > I'd rather have the "init" behaviour: "id "c1" respawning too fast:
> > Disabled for 5 minutes"]
>
> This has been added to the to-do list for inetd.

This feature does already exist. The inetd-5.30 that the Debian
Distribution uses reenables the service after 10 minutes.

Thanks,

Peter
--
Peter Tobias EMail:
Fachhochschule Ostfriesland tobias@et-inf.fho-emden.de
Fachbereich Elektrotechnik und Informatik tobias@debian.org
Constantiaplatz 4, 26723 Emden, Germany tobias@linux.de
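
The throttle discussed in this thread can be modelled as follows. This is an added example, not part of the original messages and not inetd source code. The 40-per-minute limit and the 10-minute re-enable are the figures quoted above; every identifier is hypothetical.

```c
#include <stdio.h>

/* Simplified model of the behaviour described in the thread; not inetd source.
 * Figures are those quoted in the messages; all names are hypothetical. */
#define MAX_PER_WINDOW 40        /* "40 requests per minute" */
#define WINDOW_SECS    60
#define REENABLE_SECS  (10 * 60) /* "reenables the service after 10 minutes" */

struct service {
    long window_start;   /* start of the current counting window */
    int  count;          /* connections seen in that window */
    long disabled_until; /* 0 = enabled; otherwise time of re-enable */
};

/* Returns 1 if the connection at time `now` is served, 0 if refused. */
int service_accept(struct service *s, long now)
{
    if (s->disabled_until != 0 && now < s->disabled_until)
        return 0;                     /* service is still switched off */
    if (s->disabled_until != 0 || now - s->window_start >= WINDOW_SECS) {
        s->disabled_until = 0;        /* timed re-enable, or a new window */
        s->window_start = now;
        s->count = 0;
    }
    if (++s->count > MAX_PER_WINDOW) {
        s->disabled_until = now + REENABLE_SECS;
        return 0;                     /* "server failing (looping)" */
    }
    return 1;
}

/* Feed `n` connections spaced `gap` seconds apart; return how many were served. */
int simulate(struct service *s, long start, int n, long gap)
{
    int served = 0;
    for (int i = 0; i < n; i++)
        served += service_accept(s, start + i * gap);
    return served;
}

int main(void)
{
    struct service shell = {0, 0, 0};
    printf("50 calls at 1/s:    %d served\n", simulate(&shell, 0, 50, 1));
    printf("retry after 5 min:  %d served\n", service_accept(&shell, 300));
    printf("retry after 10 min: %d served\n", service_accept(&shell, 640));
    return 0;
}
```

With the timed re-enable the outage caused by a burst is bounded by the retry interval; without it the service stays off until inetd receives a SIGHUP, which is what the cron workaround quoted above compensates for.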