[1953] in linux-security and linux-alert archive
[linux-security] Re: tcpd anomaly
daemon@ATHENA.MIT.EDU (Annex)
Fri Jul 3 05:55:01 1998
Date: Fri, 3 Jul 1998 05:23:32 +0600 (BGT)
From: Annex <annex@thing.annexgrp.org>
To: Pluto <pluto@pizzaservice.de>
cc: Linux Security <linux-security@redhat.com>
In-Reply-To: <Pine.LNX.3.96.980701204911.21000G-100000@hellraiser.mindstar.bogus>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Wed, 1 Jul 1998, Pluto wrote:
| Seems like tcpd is still busy with the last two scripts and doesn't even
| look at the connect. Or do I miss something? Have the scripts have to have
| a '&' at the end of the line to prevent it? Or is it a bug of the tcpd
well.. I used to use a boobytrap on port 139 for outside IPs with TCPD..
who's job was to mail me the source IP immediately.. until.. I got hit by
this person.. who used 28 diff IPs to hit port 139 repeatedly.. and it was
so hard on my machine.. that the HD LED never went out before I power
cycled it after like 15 mins of non responsiveness :(
I had an "&" at the end
this is something you should be aware of when running something like an
external shell script or a program from tcpd using twist or without..
---
Annex
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null