[2018] in bugtraq
Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing
daemon@ATHENA.MIT.EDU (Albert Lunde)
Mon Jul 10 01:12:16 1995
Date: Sun, 9 Jul 1995 14:20:00 -0500
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Albert Lunde <Albert-Lunde@nwu.edu>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
At 8:16 AM 7/9/95, fc@all.net wrote:
> I was trying a loop test to stress performance on our secure W3
> server and found that inetd under SunOS detects what it thinks to be
> loops and shuts down all httpd services until a kill -HUP is sent to
> the inetd process. How is this bug/feature controlled, and doesn't this
> lead very directly to denial of services attacks?
I think this bug/feature is fairly widespread. Below are some extracts from
the old (pre-4.4lite) BSD sources (ftped off uunet a year or two back):
What this comes down to is that inetd shuts down a service, for a fixed
period of time, if more than a particular number of requests per minute
come in (presumably as a defense against run-away client software).
>#define TOOMANY   40        /* don't start more than TOOMANY */
>#define CNT_INTVL 60        /* servers in CNT_INTVL sec. */
>#define RETRYTIME (60*10)   /* retry after bind or server fail */
>
>        if (dofork) {
>            if (sep->se_count++ == 0)
>                (void)gettimeofday(&sep->se_time,
>                    (struct timezone *)0);
>            else if (sep->se_count >= TOOMANY) {
>                struct timeval now;
>
>                (void)gettimeofday(&now, (struct timezone *)0);
>                if (now.tv_sec - sep->se_time.tv_sec >
>                    CNT_INTVL) {
>                    sep->se_time = now;
>                    sep->se_count = 1;
>                } else {
>                    syslog(LOG_ERR,
>                        "%s/%s server failing (looping), service terminated\n",
>                        sep->se_service, sep->se_proto);
>                    FD_CLR(sep->se_fd, &allsock);
>                    (void) close(sep->se_fd);
>                    sep->se_fd = -1;
>                    sep->se_count = 0;
>                    nsock--;
>                    if (!timingout) {
>                        timingout = 1;
>                        alarm(RETRYTIME);
>                    }
Unfortunately these time constants were originally hardwired in the code
and computers have been getting faster. We met this bug when it shut down a
widely used service on our campus.
There are patches for various versions of Unix and changes in the newer BSD
sources that add a parameter to inetd that allows changing the cutoff rate
of requests per minute.
But this doesn't really solve the problem of denial of service... Though
one might argue that having some upper limit controls another kind of
denial of service, a 10-minute total shutdown of the service is a drastic
remedy.
---
Albert Lunde Albert-Lunde@nwu.edu
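The following is an added simulation of the looping check quoted in the message above; it is not inetd source and not code from the poster. It reproduces the `dofork` branch (count, window, terminate, retry) with the wall clock replaced by a caller-supplied time so that the behaviour can be stepped deterministically. Names such as `inetd_sim`, `sim_init`, `sim_request`, `sim_burst`, the two-entry service table and the fake descriptor numbers are constructed for the example. A per-instance `toomany` field stands in for the configurable cutoff that the message says newer BSD inetds added; that mapping is an assumption, the original code uses the hard-wired `TOOMANY`.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constants as they appear in the quoted inetd excerpt. */
#define CNT_INTVL       60        /* window in seconds */
#define RETRYTIME       (60*10)   /* service stays closed this long */
#define DEFAULT_TOOMANY 40        /* the hard-wired cutoff in the old code */
#define NSERV           2

struct servtab {
    const char *se_service, *se_proto;
    int    se_fd;      /* -1 once inetd has closed the listening socket */
    int    se_count;   /* requests since the current window started */
    time_t se_time;    /* when the current window started */
};

/* One simulated inetd: its service table plus the globals the excerpt uses. */
struct inetd_sim {
    struct servtab tab[NSERV];
    int    toomany;    /* assumption: a settable cutoff, standing in for the
                          rate option later inetds added (old code: TOOMANY) */
    int    timingout;  /* a RETRYTIME alarm is pending */
    time_t alarm_at;   /* simulated alarm(): fires at this time */
};

enum outcome { SERVED = 1, TERMINATED = 2, REFUSED = 3 };

void sim_init(struct inetd_sim *s, int toomany)
{
    memset(s, 0, sizeof *s);
    /* constructed service table; descriptor numbers are arbitrary */
    s->tab[0].se_service = "http";   s->tab[0].se_proto = "tcp"; s->tab[0].se_fd = 4;
    s->tab[1].se_service = "finger"; s->tab[1].se_proto = "tcp"; s->tab[1].se_fd = 5;
    s->toomany = toomany;
}

/* Stand-in for inetd's retry(): clear timingout and reopen every closed service. */
static void sim_retry(struct inetd_sim *s)
{
    s->timingout = 0;
    for (int i = 0; i < NSERV; i++)
        if (s->tab[i].se_fd == -1)
            s->tab[i].se_fd = 10 + i;   /* setup(sep) would bind a fresh socket */
}

/* A connection for service `idx` arrives at time `now`.  Mirrors the quoted
 * dofork branch with gettimeofday() replaced by the caller-supplied clock. */
enum outcome sim_request(struct inetd_sim *s, int idx, time_t now)
{
    struct servtab *sep = &s->tab[idx];

    if (s->timingout && now >= s->alarm_at)
        sim_retry(s);
    if (sep->se_fd == -1)
        return REFUSED;   /* nothing listening: the client's connect is refused */

    if (sep->se_count++ == 0) {
        sep->se_time = now;
    } else if (sep->se_count >= s->toomany) {
        if (now - sep->se_time > CNT_INTVL) {
            sep->se_time = now;       /* window expired: start a new one */
            sep->se_count = 1;
        } else {
            printf("%s/%s server failing (looping), service terminated\n",
                   sep->se_service, sep->se_proto);
            sep->se_fd = -1;
            sep->se_count = 0;
            if (!s->timingout) {      /* an already pending alarm is not extended */
                s->timingout = 1;
                s->alarm_at = now + RETRYTIME;
            }
            return TERMINATED;        /* this request is dropped, not served */
        }
    }
    return SERVED;                    /* here the real inetd would fork() */
}

/* Send n connections to service idx starting at `start`, `spacing` seconds
 * apart; returns how many of them were served. */
int sim_burst(struct inetd_sim *s, int idx, time_t start, int n, int spacing)
{
    int served = 0;
    for (int i = 0; i < n; i++)
        if (sim_request(s, idx, start + (time_t)i * spacing) == SERVED)
            served++;
    return served;
}

int main(void)
{
    struct inetd_sim s;
    sim_init(&s, DEFAULT_TOOMANY);
    printf("39 requests one second apart, served: %d\n", sim_burst(&s, 0, 0, 39, 1));
    printf("40th request at t=39 -> %d (2 = terminated)\n", sim_request(&s, 0, 39));
    printf("probe at t=638 -> %d (3 = refused)\n", sim_request(&s, 0, 638));
    printf("probe at t=639 -> %d (1 = served again)\n", sim_request(&s, 0, 639));
    return 0;
}
```

Two things the simulation makes visible that are easy to miss in the excerpt. First, the cutoff is not a sliding window: the counter is only compared against the limit once it reaches it, and the window restarts from the request that reset it, so a client pacing connections two seconds apart never trips the default limit while one sending 40 within a single minute takes the service down for ten, and can repeat that after every retry at a cost of roughly 40 connections per eleven minutes. Second, because `alarm(RETRYTIME)` is only armed when `timingout` is clear, a second service shut down while a retry is already pending comes back together with the first one, earlier than ten minutes after its own shutdown.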