[31473] in bugtraq
Re: 11 years of inetd default insecurity?
daemon@ATHENA.MIT.EDU (Lucas Holt)
Mon Sep 8 17:21:07 2003
Date: Mon, 8 Sep 2003 16:51:12 -0400
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
Cc: 3APA3A@SECURITY.NNOV.RU, bugtraq@securityfocus.com
To: psz@maths.usyd.edu.au (Paul Szabo)
From: Lucas Holt <luke@foolishgames.com>
In-Reply-To: <200309080026.h880QOc114306@milan.maths.usyd.edu.au>
Message-Id: <2EA9C34C-E23E-11D7-BB51-0030656DD690@foolishgames.com>
Content-Transfer-Encoding: 7bit
>
>
> Your cure is worse than the disease: rate limiting allows a DoS
> against the
> service, no limit allows a DoS against the whole machine.
>
> Cheers,
>
> Paul Szabo - psz@maths.usyd.edu.au
> http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics University of Sydney 2006
> Australia
>
Isn't that the point of system administration, to set reasonable values
for such things. A balance between a reasonable load and a full DOS
attack on the service or machine must be achieved.
I don't see how this feature is bad as long as its used properly.
Besides many people run multiple services on a host.. if you set the
value to unlimited all services are DOS'd. For instance, I have a
system running apache, sendmail, and imapd. imapd is spawned by inetd
and therefore could be DOS'd with a limit. By setting a limit though,
my apache and sendmail servers stay up. I think this is a no brainer.
Lucas Holt
Luke@FoolishGames.com
________________________________________________________
FoolishGames.com (Jewel Fan Site)
JustJournal.com (Free blogging)
"Only two things are infinite, the universe and human stupidity, and
I'm not sure about the former."
- Albert Einstein (1879-1955)
