[11787] in bugtraq
Re: remote DoS against inetd and ssh
daemon@ATHENA.MIT.EDU (Alexander Boutkhoudze)
Thu Sep 9 17:44:46 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
Message-Id: <006301bef96f$9ef9a700$a11e22c3@mal>
Date: Wed, 8 Sep 1999 00:28:58 +0400
Reply-To: Alexander Boutkhoudze <mal@xakep.ru>
From: Alexander Boutkhoudze <mal@XAKEP.RU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
patching:
in rc.conf above inetd_flags type -l -R 1024? :)
>Hi,
>
>At the beginning I'd like to excuse all of you if it is commonly well
>known (hmm, I guess it is, but no one patched it ;>).
>
>Both DoS's use something known as portfuck (e.g. `while true; do telnet
>host port & done`).
>1. If you use it against any inetd service, inetd will shut down that
>service for about 30 minutes (I did not check, but it seems to be about
>that time).
>2. If you use it against sshd, you have 99% that you crash the machine in
>a few seconds.
>TESTED:
>sshd-1.2.26 on Debian 2.0
>sshd-1.2.27 on Debian 2.1
>sshd-1.2.27 on RedHat 5.2
>inetd - one provided with Debian 2.0/2.1/Redhat 5.2
>all above platforms are VULNERABLE to this attack
>COMPROMISE:
>Allows any user to hang many machines in the Internet (I guess that only
>these behind a firewall are secure ;>).
>SOLUTION:
>probably running in a ulimit environment (like qmail does) should help and
>additionally in inetd remove this strange 'protection'.
>
>regards,
> greg AKA VanitaS
>
>***************************************************************************
>* Grzegorz Stelmaszek * For my public PGP key:
>* mailto:greg@tenet.pl * finger:greg@tenet.pl
>* http://www.tenet.pl * 18 E9 5E 6D 78 F0 11 F2
>****************************** 45 CF CF 63 77 C0 A4 20