[11857] in bugtraq


Re: local telnetd DoS

daemon@ATHENA.MIT.EDU (Ray Barnes)
Sun Sep 12 20:56:55 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.3.96.990911190646.12727A-100000@shellx.tical.net>
Date:         Sat, 11 Sep 1999 19:11:18 -0400
Reply-To: Ray Barnes <corrupt@SHELLX.TICAL.NET>
From: Ray Barnes <corrupt@SHELLX.TICAL.NET>
X-To:         George <promo@AKULA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.3.96.990910115420.13570A-100000@orca.akula.com>

On Fri, 10 Sep 1999, George wrote:

> What this does is get the telnetd service kicked out by inetd. By using a
> similar method with numerous rapid connections, you can shut down any tcp
> service running under inetd, ie. ftpd, identd, etc, just by connecting to
> the port each service is listening on. Until a fix is out, it might be
> wise to crontab a HUP to inetd every few minutes, so that if somebody
> takes out your telnet service, you can log back in eventually.
>
> George

Sounds like a good "best practice."  I've found that a cron'ed HUP of
inetd every 5 minutes is a must-have in the case of Slackware 3.2 with no
packet filtering.  It's been my experience that smurf attacks seem to lock
up my inetd (tested on two boxes).  Don't ask me why a smurf would have
that effect; perhaps some sort of odd interaction with the kernel?
*shrug*  In any event, a timed HUP is always helpful, at least in my
case.

Ray Barnes
Tical Network Solutions, Inc.
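
The cron'ed HUP discussed in this thread, narrowed so it fires only when inetd has logged that it disabled a service. This is an added example, not part of the original post; the syslog message wording, the script name and all file paths are assumptions.

```shell
#!/bin/sh
# Added example: HUP inetd from cron only when syslog shows a disabled service.
# Assumption: inetd logs "<service>/<proto> server failing (looping), service
# terminated" (BSD-derived wording); adjust the pattern to your inetd.

# Constructed sample syslog lines (not taken from a real host).
sample_log() {
    cat <<'EOF'
Sep 11 19:01:02 host inetd[112]: telnet/tcp server failing (looping), service terminated
Sep 11 19:01:05 host in.ftpd[2201]: connect from 192.0.2.10
Sep 11 19:01:09 host inetd[112]: ftp/tcp server failing (looping), service terminated
EOF
}

# Print each "service/proto" that inetd reported as terminated in file $1.
terminated_services() {
    sed -n 's|^.*inetd\[[0-9]*]: \([^ ]*\) server failing (looping), service terminated.*$|\1|p' "$1" | sort -u
}

# One cron run: $1 = log file, $2 = state file (lines already examined).
# Prints "HUP <services>" if new terminations were logged, otherwise "OK".
check_inetd() {
    log=$1; state=$2; seen=0
    if [ -f "$state" ]; then seen=$(cat "$state"); fi
    total=$(wc -l < "$log" | tr -d ' ')
    # Fewer lines than last time means the log was rotated: rescan from the top.
    if [ "$total" -lt "$seen" ]; then seen=0; fi
    tmp=$(mktemp) || return 1
    tail -n +"$((seen + 1))" "$log" > "$tmp"
    svcs=$(terminated_services "$tmp" | tr '\n' ' ')
    rm -f "$tmp"
    echo "$total" > "$state"
    if [ -n "$svcs" ]; then echo "HUP ${svcs% }"; else echo "OK"; fi
}

# Cron entry point; the log, state and pid file paths are assumptions.
# Example crontab line: */5 * * * * /usr/local/sbin/inetd-watch run
if [ "${1:-}" = "run" ]; then
    result=$(check_inetd /var/log/messages /var/run/inetd-watch.state)
    case $result in
        HUP*) logger -t inetd-watch "$result"
              kill -HUP "$(cat /var/run/inetd.pid)" ;;
    esac
fi
```

This covers only the case where inetd itself logs the termination; a hang that produces no log line would still need the unconditional timed HUP.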
