[1389] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Re: dos-attack on inetd.

daemon@ATHENA.MIT.EDU (David Holland)
Fri Jan 17 07:31:58 1997

From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Thu, 16 Jan 1997 15:18:07 -0500 (EST)
In-Reply-To: <199701161732.RAA28118@snowcrash.cymru.net> from "Alan Cox" at Jan 16, 97 05:32:42 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

 > The netkit-0.09 kit should fix the inetd problem. 

According to reports, it doesn't.

However, my question is: why is this happening? A single SYN shouldn't
have any visible effect at user level.

[mod: Could it be that what is happening is this?:

        client           server
            --   SYN  -> 
            <- SYNACK --
            -- ACKRST -> 

The third packet could complete the 3-way handshake, and result in the
listen call returning. However the "RST" part of that third packet
immediately closes the resulting socket. Thus writing to that socket
would cause a SIGPIPE. -- REW]

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino


home help back first fref pref prev next nref lref last post