Re: [linux-security] Denial of service in inetd
daemon@ATHENA.MIT.EDU (Peter Hartzler)
Thu May 9 06:30:57 1996
Date: Tue, 7 May 1996 17:45:36 -0400 (EDT)
From: Peter Hartzler <ph@eainet.com>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0uGiaY-0009gOC@iifeak.swan.ac.uk>
[Mod: This is not Linux-specific, but I'm sure that many Linux users may
be wondering about these same sorts of things. I ask that you please
direct replies to the post's author (i.e. not to the list), and that he
post a future summary if he thinks it's worthwhile. --Jeff.]
On Tue, 7 May 1996, Alan Cox continued:
> > These internal services can be abused in many other ways. UDP storms (to
> > the echo port etc) come to mind. Everyone should disable these to begin
> > with. I have no idea why the main distributions (redhat/slack/etc) decide
> > to distribute these insecure distributions.
>
> It depends how people view them. There are some nasties in the internal
> services. By your argument we shouldn't include TCP (insecure, spoofable,
> can be tripped into a network food fight with fake frames), IP is right
> out because you can destroy the routing tables causing the same effects,
> and running on a 386 or 486 CPU is out as they have security bugs
>
> Having echo "off" by default would be a good move though.
Hmmm.. I'm wondering about this stuff.
I see that these "dangerous" services have a tcp and a udp component...
Is the udp one dangerous and the tcp not?
--- from /etc/inetd.conf ---
echo stream tcp nowait root internal
echo dgram udp wait root internal
discard stream tcp nowait root internal
discard dgram udp wait root internal
daytime stream tcp nowait root internal
daytime dgram udp wait root internal
chargen stream tcp nowait root internal
chargen dgram udp wait root internal
time stream tcp nowait root internal
time dgram udp wait root internal
--- snip ---
Also, the inetd(8) man page says:
---------
Inetd provides several ``trivial'' services internally by use of routines
within itself. These services are ``echo'', ``discard'', ``chargen''
(character generator), ``daytime'' (human readable time), and ``time''
(machine readable time, in the form of the number of seconds since midnight,
January 1, 1900). All of these services are tcp based. For details of these
services, consult the appropriate RFC from the Network Information Center.
---------
Does this speak to one's ability to shut down these services, if they're
supplied internally by inetd? Why is the udp version mentioned in the .conf
file if they're tcp based?
Thanks in advance for any help with understanding this!
-ph
Peter Hartzler
<ph@eainet.com>
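The question above is about turning the internal services off. As an added example that is not part of the thread, here is a small POSIX shell script that lists the enabled `internal` entries in an inetd.conf (both the tcp and udp lines, since each is a separate entry) and writes a copy with them commented out; it runs against a constructed sample that mirrors the fragment quoted in the message, and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit and disable inetd's internal
# "trivial" services (echo, discard, chargen, daytime, time). In inetd.conf
# these are the lines whose 6th field (the server program) is the word
# "internal"; every other line is left untouched.

# list_internal FILE: print "service proto" for each enabled internal entry.
# Field layout: service type proto wait user program [args]
list_internal() {
    awk '!/^[[:space:]]*#/ && NF >= 6 && $6 == "internal" { print $1, $3 }' "$1"
}

# disable_internal IN OUT: copy IN to OUT with each enabled internal entry
# commented out using a "# disabled:" prefix, so the change is reversible.
disable_internal() {
    awk '!/^[[:space:]]*#/ && NF >= 6 && $6 == "internal" {
             print "# disabled: " $0; next
         }
         { print }' "$1" > "$2"
}

# count_internal FILE: number of enabled internal entries (for checks).
count_internal() {
    list_internal "$1" | wc -l | tr -d ' '
}

# make_sample FILE: constructed inetd.conf resembling the quoted fragment,
# plus one non-internal service to confirm it is preserved.
make_sample() {
    cat > "$1" <<'EOF'
# /etc/inetd.conf (constructed sample, not a real system file)
echo stream tcp nowait root internal
echo dgram udp wait root internal
chargen stream tcp nowait root internal
chargen dgram udp wait root internal
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
EOF
}
```

After replacing the real file, inetd must be told to reread its configuration (it does so on SIGHUP), otherwise the old services stay bound.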