[115] in bugtraq
Re: udp packet storms
daemon@ATHENA.MIT.EDU (Darren Reed)
Sun Oct 30 11:40:04 1994
From: Darren Reed <avalon@coombs.anu.edu.au>
To: chowes@helix.net (Charles Howes)
Date: Mon, 31 Oct 1994 01:50:43 +1100 (EDT)
Cc: bugtraq@fc.net
In-Reply-To: <Pine.SUN.3.90.941030040414.26538A-100000@trance.helix.net> from "Charles Howes" at Oct 30, 94 04:07:27 am
>
> On Sat, 29 Oct 1994, Pat Myrto wrote:
>
> <snip>
>
> > That's interesting - it amounts to a feedback loop (in electrical
> > or audio terminology). Is there a way to interrupt this sort of
> > thing (short of killing inetd or the involved daemon) or rebooting (a
> > drastic method of doing the same thing)?
> >
> > How would one prevent this without disabling the udp services?
>
> Hmm; I wonder if it's possible to tell tcpd to rate-limit a particular
> service?
tcpd no.
inetd, (sort of), yes. yes if you compiled it and set it. Being able
to set this in inetd.conf would be nice, yes ? xinetd...source...hack...
oh, and inetd does have an inbuilt "rate-limit" which if gets tripped
results in the service being deactivated...as a point of interest, there
was a patch for inetd (last year or so ?) for Sun's inetd because it was
shutting down services which were being called too often through legitamate
use - it used to catch failing services, but now (with faster h/w) was doing
the 'wrong thing'.
