[11398] in bugtraq
Re: DOS against SuSE's identd
daemon@ATHENA.MIT.EDU (Danton Nunes)
Tue Aug 17 23:11:18 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
Message-Id: <199908170120.WAA06961@quantum.inexo.com.br>
Date: Mon, 16 Aug 1999 22:20:26 -0300
Reply-To: Danton Nunes <danton@INEXO.COM.BR>
From: Danton Nunes <danton@INEXO.COM.BR>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990814202948.26220.qmail@securityfocus.com> from "Hendrik
Scholz" at Aug 14, 99 08:29:48 pm
Hendrik says:
> The inetd.conf starts the identd with the options -w -t120
> -e.
> This means that one identd process waits 120 seconds after
> answering the first request to answer later request.
No. accordint to inetd's man page:
The -t<seconds> option is used to specify the timeout
limit. This is the number of seconds a server started with
the -w flag will wait for new connections before terminat-
ing. The server is automatically restarted by inetd when-
ever a new connection is requested if it has terminated. A
suitable value for this is 120 (2 minutes), if used. It
defaults to no timeout (i.e. will wait forever, or until a
fatal condition occurs in the server).
this does not mean that the server does nothing until <seconds>
elapse. it listen to requests and serves them. if there is
no request during the <seconds> period it dies. Many inetd-spawned
servers do like this (e.g. xtacacsd). if something is going wrong
it is not related to the -t120 flag. Maybe inetd does not know
there is an identd on duty and spawns another copy.
> Lets say we start 100 requests in a short period.
> Due to the fact that it takes time to answer one request
> more identd's will be started each eating up about 900kb
> memory and waiting 120 seconds before terminating.
> I tested this behaviour on different machines with different
> hardware (RAM, Swap, NIC).
> Each machine becomes unusable after some seconds.
> This bug is in _every_ SuSE Version at least since 4.4.
this bug (if the bug is the way inetd is invoked) is in almost
every /etc/inetd.conf in the Unix galaxy, not specific to SuSE Linux.
--
Danton Nunes | Consultoria e Servigos de Acesso ` Internet
InterNexo Ltda. | http://www.inexo.com.br/ mailto:danton@inexo.com.br
S.J.Campos,BRASIL | PGP: 02 D1 E2 DF 21 EC 48 69 3F D5 4D 1B 5D 73 F4 B5
