[19396] in bugtraq
Re: inetd DoS exploit
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Tue Feb 27 16:41:56 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010227020216.C21881@dataloss.nl>
Date: Tue, 27 Feb 2001 02:02:16 +0100
Reply-To: Peter van Dijk <peter@DATALOSS.NL>
From: Peter van Dijk <peter@DATALOSS.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <01022519293700.04366@ihg>; from linux@IHGROUP.RU on Sun, Feb 25,
2001 at 07:26:07PM +0300

On Sun, Feb 25, 2001 at 07:26:07PM +0300, Serega[linux] wrote:
> Name: inetd DoS exploit
> Author: Serega[Linux]

This is a *very* old and widely-known inetd DoS. It comes down to making
inetd's ratelimiting kick in. Recent inetd's (like the one that comes
with FreeBSD) also have concurrencylimiting, which makes sense.
Ratelimiting has never prevented a malicious client from crashing a
server.

inetd replacements like xinetd and tcpserver
(http://cr.yp.to/ucspi-tcp.html) have real ratelimiting which
prevents *real* problems, as opposed to inetd ratelimiting which
actually only *creates* problems.

Greetz, Peter.
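
A small simulation of the contrast drawn in the message above, added here as an illustration and not part of the original post or of any inetd code: it compares how many connections an ordinary user gets through under a service-wide rate limit versus a cap on simultaneous children. The thresholds, function names and event list are assumptions constructed for the example.

```python
# Simplified model; every number below is an illustrative assumption,
# not a value taken from the message or from a particular inetd build.
WINDOW = 60      # seconds over which arrivals are counted
MAX_RATE = 40    # arrivals allowed per window before the limiter trips
DISABLE = 600    # seconds the service stays switched off after tripping
MAX_CONC = 10    # simultaneous children allowed by the concurrency limiter

def rate_limited(events):
    """Service-wide rate limit: too many arrivals turn the service off for everyone."""
    served, window_start, count, off_until = [], None, 0, -1
    for t, who, _dur in events:
        if t < off_until:
            continue                    # service is off: every client is refused
        if window_start is None or t - window_start >= WINDOW:
            window_start, count = t, 0  # start a fresh counting window
        count += 1
        if count > MAX_RATE:
            off_until = t + DISABLE     # limiter trips, the service goes away
            window_start = None
            continue
        served.append((t, who))
    return served

def concurrency_limited(events):
    """Cap on simultaneous children: refuse only while every slot is busy."""
    served, busy = [], []               # busy holds end times of running children
    for t, who, dur in events:
        busy = [end for end in busy if end > t]
        if len(busy) >= MAX_CONC:
            continue
        busy.append(t + dur)
        served.append((t, who))
    return served

def sample_events():
    """Constructed input: one noisy client bursting, one user connecting every 30 s."""
    noisy = [(i * 0.1, "noisy", 2.0) for i in range(100)]   # 100 connects in 10 s
    user = [(t, "user", 0.05) for t in range(15, 615, 30)]  # 20 connects in 10 min
    return sorted(noisy + user)

def user_served(policy):
    """Count how many of the user's 20 connections the given policy accepts."""
    return sum(1 for _t, who in policy(sample_events()) if who == "user")

if __name__ == "__main__":
    print("rate limit:       ", user_served(rate_limited), "of 20 user connections served")
    print("concurrency limit:", user_served(concurrency_limited), "of 20 user connections served")
```

In this model the rate limiter refuses all 20 of the user's connections once the burst trips it, while the concurrency cap refuses only part of the burst and serves the user normally.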