[2020] in bugtraq
Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Jul 10 12:28:52 1995
Date: Mon, 10 Jul 1995 07:34:02 -0400
Reply-To: perry@imsi.com
From: "Perry E. Metzger" <perry@imsi.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Sun, 09 Jul 1995 08:16:58 EDT."
<9507091216.AA00623@all.net>
"Dr. Frederick B. Cohen" writes:
> I was trying a loop test to stress performance on our secure W3
> server and found that inetd under SunOS detects what it thinks to be
> loops and shuts down all httpd services untill a kill -HUP is sent to
> the inetd process. How is this bug/feature controlled, and doesn't this
> lead very directly to denial of services attacks?
>
> Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing (looping), service t
erminated
BUGTRAQ is for security holes, not for vendor features, no matter how
misguided. Having said that:
This is in fact a standard Berkeley inetd feature -- you need source
to turn it off, although I believe Sun has a "patch" for 4.1.x that
consists of an inetd with an option to turn off the "feature".
.pm
