[2602] in bugtraq
denial of service - inetd on solaris 2.4?
daemon@ATHENA.MIT.EDU (Justin Beech)
Fri May 24 02:11:09 1996
Date: Fri, 24 May 1996 09:56:48 +0800
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Justin Beech <jb.sg@fp.cibc.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
I discovered on our solaris 2.4 boxes, that if you telnet to
the discard port, then quit telnet (using control-right-bracket
and quit), you leave a single inetd running in an infinite
read loop. Do this twice, and you get two inetds running...
obviously you can quickly bog the machine down to a standstill..
This doesnt happen on solaris 2.5, so I guess it is some
inetd bug thats been fixed? anyone know a 2.4 patch for this?
Also: what I havent seen mentioned yet, the denial of service
attack is not just to bring down a box.. if one is employed on
Host A, which is trusted by Host B, then this allows
the network clear for the bad guy to impersonate Host A, (the
real Host A being effectively muzzled), thus get into
Host B.
If I remember correctly, this was one of Mitnicks tricks
against Shimomuras collection of machines.
--
Justin@fp.cibc.com
