[2642] in bugtraq


Re: denial of service - inetd on solaris 2.4?

daemon@ATHENA.MIT.EDU (Peter Skopp)
Mon May 27 16:42:38 1996

Date:         Mon, 27 May 1996 14:33:51 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Peter Skopp <Peter-Skopp@deshaw.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

> According to Brad Powell:
> > You should probably just turn off echo, discard, daytime and chargen

You should turn off echo, daytime, chargen and time (at least), but there
is really no need to turn off discard.

You only need to turn off UDP based services which elicit responses (or
error messages) when attached to another service which is feeding it "crap".

Any combination of echo, time, daytime, and chargen will loop (although
echo <-> echo requires the spoofed packet to have an initial payload).

The DOS comes in b/c each of these services will elicit a response given
a packet from any of these services, so the 2 programs will play ping pong
with each other.

The discard service will just read the packet and discard it (as its name
implies), so the DOS attack outlined in CERT CA-96:01 doesn't hold with
discard, and it is safe to keep it in your inetd.conf file.

Peter Skopp
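
Added example, not part of the original post: a small audit of an inetd.conf for the UDP services the message says to disable, leaving discard and the TCP entries alone. The sample file contents and the function names are constructed for illustration, and the classic seven-field inetd.conf layout is assumed.

```python
# Services the post says answer any datagram they receive (per the message above).
RESPONDERS = {"echo", "daytime", "chargen", "time"}
# "discard" is deliberately absent: it reads the packet and sends nothing back.

# Constructed sample in the classic layout:
# service  socket-type  proto  wait/nowait  user  server-program [args]
SAMPLE_CONF = """\
# constructed sample inetd.conf
echo     stream  tcp  nowait  root  internal
echo     dgram   udp  wait    root  internal
discard  dgram   udp  wait    root  internal
daytime  dgram   udp  wait    root  internal
chargen  dgram   udp  wait    root  internal
#time    dgram   udp  wait    root  internal
time     dgram   udp  wait    root  internal
"""

def parse(line):
    """Return (service, proto) for an active entry, else None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None              # blank line or already commented out
    fields = stripped.split()
    if len(fields) < 6:
        return None              # not a complete service entry
    return fields[0], fields[2]

def is_risky(line):
    """True for an enabled UDP entry whose service replies to any packet."""
    entry = parse(line)
    if entry is None:
        return False
    service, proto = entry
    return proto.startswith("udp") and service.lower() in RESPONDERS

def audit(conf_text):
    """List (line_number, service) for every enabled UDP responder."""
    return [(n, parse(line)[0])
            for n, line in enumerate(conf_text.splitlines(), 1)
            if is_risky(line)]

def harden(conf_text):
    """Comment out flagged entries; discard and TCP lines stay as they are."""
    lines = ["#" + l if is_risky(l) else l for l in conf_text.splitlines()]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for n, svc in audit(SAMPLE_CONF):
        print(f"line {n}: udp {svc} is enabled and answers any datagram")
    print(harden(SAMPLE_CONF), end="")
```

inetd only re-reads its configuration on SIGHUP, so the edited file takes effect after the daemon is signalled or restarted.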
