[694] in linux-security and linux-alert archive


Re: [linux-security] Denial of service in inetd

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu May 2 15:55:31 1996

To: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Thu, 02 May 1996 11:59:00 EDT."
             <199605021559.LAA22038@phoenix.iss.net> 
Date: Thu, 02 May 1996 14:21:00 -0400
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>

Your message dated: Thu, 02 May 1996 11:59:00 EDT
> We have uncovered some potential problems with the time and daytime 
> services under inetd. 
> 
> If you send these services the "SYN" packet and then reset the connection 
> before the connection is open, it will cause inetd to die completely.
> 
> This could be a fairly nasty denial of service attack if you use any of the 
> services in inetd, and a firewall may not protect you if the filter rules 
> do not filter out those packets.
> 
> I'd recommend everyone here comment out the TCP (stream) versions of these 
> services. 

This type of attack is not limited to either Linux or daytime/tcp services.
Such an attack can be successfully performed against virtually every service
started from or performed by inetd. The better solution is to remove all
unused services from inetd. It could also be advised that services that
more-or-less duplicate functionality of other servers should be removed.


Best wishes,
Alex
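
Added example, not part of the original message: one way to carry out the advice above is to audit inetd.conf against a keep-list and comment out every other enabled service. The sample configuration, the keep-list and the function names are constructed for illustration.

```python
# Constructed sample in the classic inetd.conf layout:
# service  socket_type  protocol  wait/nowait  user  server_program  [args]
SAMPLE_CONF = """\
# constructed sample /etc/inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
time    stream  tcp  nowait  root    internal
time    dgram   udp  wait    root    internal
daytime stream  tcp  nowait  root    internal
#echo   stream  tcp  nowait  root    internal
"""

def parse_entry(line):
    """Return (service, socket_type, protocol, server) for an enabled entry, else None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None                      # blank line or already commented out
    fields = stripped.split()
    if len(fields) < 6:                  # not a well-formed service line
        return None
    return fields[0], fields[1], fields[2], fields[5]

def audit(conf_text, keep):
    """List enabled entries whose service name is not on the keep-list."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry and entry[0] not in keep:
            service, sock, proto, server = entry
            findings.append({"line": lineno, "service": service,
                             # TCP stream entries are the ones the report singles out
                             "tcp_stream": sock == "stream" and "tcp" in proto,
                             # "internal" means inetd itself performs the service
                             "internal": server == "internal"})
    return findings

def harden(conf_text, keep):
    """Return the config with every enabled entry not on the keep-list commented out."""
    out = []
    for line in conf_text.splitlines():
        entry = parse_entry(line)
        out.append("#" + line if entry and entry[0] not in keep else line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    keep = {"ftp"}                       # assumption: the only service this host needs
    for finding in audit(SAMPLE_CONF, keep):
        print(finding)
    print(harden(SAMPLE_CONF, keep))
```

After writing the hardened file back, inetd has to re-read its configuration (it does so on SIGHUP) before the change takes effect.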
