[5334] in bugtraq
Re: TCPwrappers race condition
daemon@ATHENA.MIT.EDU (Nicolai E M Plum)
Fri Oct 3 10:23:12 1997
Date: Fri, 3 Oct 1997 10:06:12 -0000
Reply-To: Nicolai E M Plum <nicolai-bugtraq@UUNET.PIPEX.COM>
From: Nicolai E M Plum <nicolai-bugtraq@UUNET.PIPEX.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.3.95q.970928162502.13703H-100000@whatever.kuwait.net>
Thamer Al-Herbish writes:
> TCPwrappers do a getpeername() after being passed the socket descriptor from
> inetd. On some OSs this can cause a problem, at least on SCO. It seems that
> if you connect real fast, and disconnect (just connect() then exit()). It
> winds up logging "unknown" as the hostname. This is because by the time
> tcpwrappers get to make that call the OS has already gotten a FIN and closed
> off the connection. I verified this with a sniffer.
This can also happen on Solaris and SunOS. We have had people connected on
dialup lines use a piece of software called ``Ponger32''. It claims to ping a
remote host to keep a line up, but actually makes a very short TCP connection
as described above (not very good design).
This causes a stream of notifications from TCPwrappers, but since TCPwrappers
should reject connections that cannot be authenticated, it does not weaken
security, but does cause a nuisance.
And indeed the only way to work out what is actually going on is to snoop the
network.
Nicolai
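
The fail-closed handling discussed in this message, as an added example that is not part of the original post and is not TCP Wrappers' own code: when getpeername() cannot name the peer, the host is recorded as "unknown" and access is denied. The names peer_name, allow and loopback_accepted are hypothetical, and a never-connected socket is a constructed stand-in for a descriptor whose connection is already gone.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: 1 with the peer address in host, else 0 and "unknown". */
int peer_name(int fd, char *host, size_t len)
{
    struct sockaddr_in sin = { 0 };
    socklen_t slen = sizeof sin;
    if (getpeername(fd, (struct sockaddr *)&sin, &slen) < 0 ||  /* e.g. ENOTCONN */
        sin.sin_family != AF_INET ||
        inet_ntop(AF_INET, &sin.sin_addr, host, len) == NULL) {
        snprintf(host, len, "unknown");
        return 0;
    }
    return 1;
}

/* Fail closed: an unidentified peer is denied, never matched against rules. */
int allow(int fd, const char *allowed_addr)
{
    char host[INET_ADDRSTRLEN];
    return peer_name(fd, host, sizeof host) && strcmp(host, allowed_addr) == 0;
}

/* Constructed input: the accepted end of a loopback connection, or -1. */
int loopback_accepted(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t n = sizeof a;
    int l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0), s = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (l >= 0 && c >= 0 && bind(l, (struct sockaddr *)&a, sizeof a) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &n) == 0 &&
        connect(c, (struct sockaddr *)&a, sizeof a) == 0)
        s = accept(l, NULL, NULL);
    close(l);            /* c stays open so the accepted socket stays connected */
    return s;
}

int main(void)
{
    /* A socket that was never connected has no peer to report. */
    printf("no peer: %s\n", allow(socket(AF_INET, SOCK_STREAM, 0), "127.0.0.1") ? "allow" : "deny");
    printf("loopback peer: %s\n", allow(loopback_accepted(), "127.0.0.1") ? "allow" : "deny");
    return 0;
}
```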