[19381] in bugtraq
Re: inetd DoS exploit
daemon@ATHENA.MIT.EDU (Jose Nazario)
Tue Feb 27 13:57:11 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.30.0102261633260.29130-100000@biocserver.BIOC.CWRU.Edu>
Date: Mon, 26 Feb 2001 16:39:58 -0500
Reply-To: Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
From: Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
X-To: "Serega[linux]" <linux@IHGROUP.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <01022519293700.04366@ihg>
On Sun, 25 Feb 2001, Serega[linux] wrote:
> [ser@ihg prog]$ cc inetddos.c -o inetddos
> [ser@ihg prog]$ ./inetddos 127.0.0.1 21
> DoS OK
(code snipped)
*hrm* ok. this is old. see also the inetd process table attack.
http://www.interesting-people.org/199902/0069.html
this can be stemmed in a number of ways:
1] using inetd, rate limit the connections. change a line like

	telnet stream tcp nowait root /usr/libexec/telnetd telnetd

to

	telnet stream tcp nowait.1 root /usr/libexec/telnetd telnetd

this will maximize the number of connections per minute on that service:
(from an inetd manpage on OpenBSD 2.8)

	The optional ``max'' suffix (separated from ``wait'' or ``nowait'' by a
	dot) specifies the maximum number of server instances that may be spawned
	from inetd within an interval of 60 seconds. When omitted, ``max''
	defaults to 40.
2] inetd -R. (again from OpenBSD's 2.8 manpage for inetd)

	-R rate
		Specify the maximum number of times a service can be invoked
		in one minute; the default is 256.
i believe the inetd in Linux, which is derived from BSD's inetd, has these
features. at least the last time i looked at the code (eons ago) it did.
3] move to xinetd or other similar programs which have rate limiting.
solar designer has a neat-o patch for xinetd that can do max-per-IP
limits. very nice ... :)
anyhow, old, mitigations are already in place, just learn to use them.
____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
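As an added illustration of mitigation 1] above (this script is not part of the original post and is not OpenBSD's or Linux's inetd code), the following POSIX shell audits an inetd.conf for services whose wait/nowait field carries no ``.max'' suffix, i.e. services still running on inetd's default of 40 spawns per 60 seconds, and produces a hardened copy with a chosen per-minute cap. The sample configuration embedded in SAMPLE_CONF is constructed for the example; the function names are my own.

```shell
#!/bin/sh
# Constructed sample inetd.conf (not a real system's file). Field 4 is the
# wait|nowait[.max] column that the OpenBSD 2.8 manpage quoted above describes.
SAMPLE_CONF='# services to be started by inetd (constructed example)
telnet  stream  tcp  nowait     root   /usr/libexec/telnetd  telnetd
ftp     stream  tcp  nowait.20  root   /usr/libexec/ftpd     ftpd -l
finger  stream  tcp  nowait     nobody /usr/libexec/fingerd  fingerd
daytime stream  tcp  nowait     root   internal
'

# Print, one per line, the names of services whose wait/nowait field has no
# ".max" suffix and therefore fall back to inetd's default of 40 per minute.
find_unlimited_services() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(#|$)/ { next }      # skip comments and blank lines
        $4 !~ /\./           { print $1 }  # no dot in field 4 => no max suffix
    '
}

# Emit a copy of the configuration in which every entry lacking a max suffix
# gets ".<max>" appended to its wait/nowait field. Entries that already carry
# an explicit limit (e.g. nowait.20) are left untouched. Modified lines are
# re-joined with tabs, which inetd accepts as field separators.
add_rate_limit() {
    printf '%s\n' "$1" | awk -v max="$2" '
        BEGIN { OFS = "\t" }
        /^[[:space:]]*(#|$)/ { print; next }   # pass comments/blank lines through
        $4 !~ /\./           { $4 = $4 "." max }
        { print }
    '
}

# Stand-alone demonstration: report the unlimited services, then show the
# hardened configuration with a cap of 10 spawns per minute.
if [ "${1:-}" = "--demo" ]; then
    echo "services without an explicit per-minute limit:"
    find_unlimited_services "$SAMPLE_CONF"
    echo
    echo "hardened configuration:"
    add_rate_limit "$SAMPLE_CONF" 10
fi
```

Run it as `sh script.sh --demo`; to audit a real file, replace SAMPLE_CONF with `$(cat /etc/inetd.conf)`. The per-service suffix and the global `inetd -R` limit the post mentions are independent knobs: the suffix caps one service, `-R` caps every service, and the lower of the two wins for any given entry. (Not from the post: current xinetd exposes the same idea through its `cps` and `per_source` attributes.)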