[11400] in bugtraq
Re: DOS against SuSE's identd
daemon@ATHENA.MIT.EDU (Alan Brown)
Wed Aug 18 00:41:37 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9908171422500.30102-100000@mailhost.manawatu.net.nz>
Date: Tue, 17 Aug 1999 14:24:13 +1200
Reply-To: Alan Brown <alan@MANAWATU.GEN.NZ>
From: Alan Brown <alan@MANAWATU.GEN.NZ>
X-To: Hendrik Scholz <hendrik@SCHOLZ.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990814202948.26220.qmail@securityfocus.com>
On Sat, 14 Aug 1999, Hendrik Scholz wrote:
> The inetd.conf starts the identd with the options -w -t120
> -e.
> This means that one identd process waits 120 seconds after
> answering the first request to answer later request.
No, it means that the identd is persistent and will shut down after 120
seconds of idle time.
What ends up happening is that a master identd process spawns a child
for each request and you're running into a basic FD-based DoS attack.
AB
