[5725] in bugtraq
Re: Linux inetd..
daemon@ATHENA.MIT.EDU (Darren Reed)
Wed Dec 3 00:29:50 1997
Date: Wed, 3 Dec 1997 14:31:23 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: aleph1@DFW.NET
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.971202003514.19463B-100000@dfw.dfw.net> from
"Aleph One" at Dec 2, 97 00:50:26 am
Linux's accept behaviour has been that way (returning before the connection
gets to ESTABLISHED) for quite some time. You'll find even 1.2.x vulnerable
to that sort of scanning, maybe even 1.0.x.
One of the really annoying things about accept() behaving like this is
that the remote socket information can be gone before accept() has a
chance to store it in your `sockaddr_in', requiring a packet sniffer
of some variety before you know who/what/where is scanning your active
ports.
Darren
