[2024] in bugtraq


Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing

daemon@ATHENA.MIT.EDU (Karl Strickland)
Mon Jul 10 20:10:30 1995

Date:         Mon, 10 Jul 1995 12:02:54 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Karl Strickland <karl@bagpuss.demon.co.uk>
X-To:         BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  <9507091216.AA00623@all.net> from "Dr. Frederick B. Cohen" at Jul
              9, 95 08:16:58 am

>
>         I was trying a loop test to stress performance on our secure W3
> server and found that inetd under SunOS detects what it thinks to be
> loops and shuts down all httpd services until a kill -HUP is sent to
> the inetd process.  How is this bug/feature controlled, and doesn't this
> lead very directly to denial of services attacks?

It does.  From memory, I think SunOS 4 requires 40 connections/minute to
decide that a service is looping.  On other OSes it's higher - on some it's 255,
and on some it's 1000.  Some inetds provide a command line option to alter
it (e.g. BSD 4.4), others need you to change a #define and rebuild.

This is one reason why CERN recommend you don't run their httpd from inetd.

--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |
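
Added example, not part of the original message and not taken from any inetd source: a simplified C model of the per-service connection counter discussed above, showing why a tripped service stays down until a HUP. It assumes a fixed 60-second window and uses the 40-per-minute and 255 figures quoted from memory in the reply; the struct and function names are hypothetical.

```c
#include <stdio.h>

/* Simplified model of a per-service loop detector (assumed design, not
 * taken from any inetd source). All names here are hypothetical. */
struct service {
    int  toomany;       /* starts allowed per window, e.g. 40 */
    long window;        /* window length in seconds, assumed 60 */
    long window_start;  /* time the current window opened */
    int  count;         /* starts seen in the current window */
    int  disabled;      /* once set, stays set until svc_hup() */
};

/* Returns 1 if the connection is served, 0 if it is refused. */
int svc_connect(struct service *s, long now)
{
    if (s->disabled)
        return 0;                        /* no automatic recovery */
    if (s->count == 0 || now - s->window_start >= s->window) {
        s->window_start = now;           /* open a fresh window */
        s->count = 0;
    }
    if (++s->count > s->toomany) {
        s->disabled = 1;                 /* "server failing": service off */
        return 0;
    }
    return 1;
}

/* Models kill -HUP: the service is re-enabled with a clean counter. */
void svc_hup(struct service *s) { s->disabled = 0; s->count = 0; }

/* Offer n connections spaced gap seconds apart; return how many are served. */
int simulate(int toomany, int n, long gap)
{
    struct service s = { toomany, 60, 0, 0, 0 };
    int served = 0;
    for (int i = 0; i < n; i++)
        served += svc_connect(&s, (long)i * gap);
    return served;
}

int main(void)
{
    printf("limit 40,  1 conn/s,  100 offered: %d served\n", simulate(40, 100, 1));
    printf("limit 40,  1 conn/2s, 100 offered: %d served\n", simulate(40, 100, 2));
    printf("limit 255, 1 conn/s,  100 offered: %d served\n", simulate(255, 100, 1));
    return 0;
}
```

The first case is the one to watch for operationally: once the limit trips, every later client is refused regardless of its own rate, so a raised threshold or a standalone daemon is the mitigation the reply points to.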
