[11822] in bugtraq
Re: remote DoS against inetd and ssh
daemon@ATHENA.MIT.EDU (Jedi/Sector One)
Fri Sep 10 15:21:19 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <37D64926.772FA990@4u.net>
Date: Wed, 8 Sep 1999 13:31:50 +0200
Reply-To: Jedi/Sector One <j@4U.NET>
From: Jedi/Sector One <j@4U.NET>
X-To: Grzegorz Stelmaszek <greg@TENET.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
Grzegorz Stelmaszek wrote:
> At the beginning i'd like to excuse all of you if it is commonly well
> known (hmm, i guess it is, but noone patched it ;>.
>
> Both DoS`s use something known as portfuck (e.g. `while true; do telnet
> host port & done`).
> 1. If you use it against any inetd service, inetd will shoutdown that
> service for about 30 minutes (i did not checked, but it seems to be about
> that time).
This kind of DoS can be avoided by using G2S and IPLimit instead of
Inetd.
Check out http://www.jedi.claranet.fr for these programs.
--
Frank DENIS aka Jedi/Sector One aka DJ Chrysalis <j@4u.net>
-> Music : http://www.mp3.com/chrysalis <-
