[11406] in bugtraq
DOS against SuSE's identd
daemon@ATHENA.MIT.EDU (Peter Eriksson)
Wed Aug 18 04:44:21 1999
Message-Id:  <199908170856.KAA06165@sharrow.ifm.liu.se>
Date:         Tue, 17 Aug 1999 10:56:46 +0200
Reply-To: Peter Eriksson <peter@IFM.LIU.SE>
From: Peter Eriksson <peter@IFM.LIU.SE>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Hendrik Scholz <hendrik@SCHOLZ.NET> writes:

>The inetd.conf starts the identd with the options -w -t120 -e.
>This means that one identd process waits 120 seconds after
>answering the first request to answer later requests.
>Let's say we start 100 requests in a short period.
>Due to the fact that it takes time to answer one request
>more identd's will be started each eating up about 900kb
>memory and waiting 120 seconds before terminating.
>I tested this behaviour on different machines with different
>hardware (RAM, Swap, NIC).
>Each machine becomes unusable after some seconds.
>This bug is in _every_ SuSE Version at least since 4.4.
>SuSE seems not to be interested in this bug because they
>did not answer any of my mails.

This bug is probably due to some incompatibility between
SuSE's inetd daemon's handling of 'stream tcp' & 'wait' servers
and the way Pidentd expects it to be handled.

The "normal" (as normal as it can be since 'stream tcp wait'
normally is not a supported configuration) thing that should
happen is that Inetd should start _one_ Pidentd, which then
should handle all new requests in sub-processes, which should
die immediately after the request has been handled. In the SuSE
case it seems (my guess) that Inetd keeps on starting new
Pidentd's...

Anyway, I nowadays _generally_ recommend people to stay away from
the "-w" stuff in Pidentd due to the problems with the behaviours
of various Inetd implementations...

I recommend instead that people get the latest version of Pidentd
(version 3.0.7 as of this writing) which uses multithreading instead
of forking subprocesses (this can reduce the load on systems
significantly).

Pidentd 3.0.7 (and later) can be downloaded from:

	ftp://ftp.lysator.liu.se/pub/ident/servers

Here's the PGP Signature of that file:
/Peter (The Pidentd author)
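
Added example, not part of the original message or of Pidentd: a small Python check that scans an inetd.conf for ident entries started as 'stream tcp wait' servers with -w, the configuration discussed in this thread. The sample file, server path, user and function names are constructed for illustration; only the options -w -t120 -e come from the post.

```python
# Constructed sample inetd.conf. Server paths and users are assumptions;
# only the identd options "-w -t120 -e" are taken from the thread.
SAMPLE = """\
# <service> <socktype> <proto> <wait> <user> <server> <args>
ftp    stream tcp nowait root   /usr/sbin/tcpd      in.ftpd
ident  stream tcp wait   nobody /usr/sbin/in.identd in.identd -w -t120 -e
#ident stream tcp nowait nobody /usr/sbin/in.identd in.identd -e
"""

def parse_inetd(text):
    """Yield (line number, entry dict) for each active inetd.conf entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out service
        parts = line.split()
        if len(parts) < 6:
            continue  # not a complete service entry
        yield lineno, {
            "service": parts[0], "socktype": parts[1], "proto": parts[2],
            "wait": parts[3].split(".")[0],  # drop a "nowait.max" rate suffix
            "user": parts[4], "server": parts[5], "args": parts[6:],
        }

def audit_ident(text):
    """Return ident/auth entries run as 'stream ... wait' servers with -w."""
    findings = []
    for lineno, e in parse_inetd(text):
        if e["service"] not in ("ident", "auth"):
            continue
        opts = e["args"][1:]  # args[0] is the daemon's argv[0]
        if not (e["socktype"] == "stream" and e["wait"] == "wait" and "-w" in opts):
            continue
        # -t<seconds>: how long a -w daemon waits for new connections
        timeout = next((int(o[2:]) for o in opts
                        if o.startswith("-t") and o[2:].isdigit()), None)
        findings.append({"line": lineno, "server": e["server"],
                         "linger_seconds": timeout})
    return findings

if __name__ == "__main__":
    for f in audit_ident(SAMPLE):
        print(f"line {f['line']}: {f['server']} runs in wait mode (-w), "
              f"each daemon lingers {f['linger_seconds']}s after a request")
```

To check a real system, pass the contents of its inetd.conf to `audit_ident` instead of `SAMPLE`.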