Subject: Re: Fwd: inetd DoS exploit
To: Kevin Sindhu <>
From: Emre Yildirim <>
List: netbsd-users
Date: 02/26/2001 22:46:20
On Sunday 25 February 2001 22:33 US Central Time, Kevin Sindhu wrote:

> This is pretty interesting though...even though inetd has been
> coded like this, is there any way for us to prevent this?

Maybe a shellscript that will block the IP when someone tries to 
connect x times within y seconds? (using ipf of course).

> I know a viable solution right now is to drop inetd and installed
> xinetd..but what do you guyz think would be a viable solution to
> this problem?

Like Bill Sommerfeld said, just wait a few minutes and inetd 
recovers. (at least ir doesnt completely crash)

> <Offtopic Rant>
> BTW, this also kills inetd on OpenBSD 2.8-current[prolly all below
> 2.8 branch]...(figures...), but I am sure, when I ask this on this
> tomorrow on the list, 60% of the emails  I'll get back will tell me
> this is not enabled by default...well, ok, the hell that I care if
> ftp ain't enabled by default, I need it therefore I run it...*grin*

HA HAh ...
I tried this on my Linux, Solaris and IRIX boxes, it produced the 
same result.  My OpenBSD-current box's ftp and telnet died as well.  
But you said, since it's not enabled by default it's not a 
bug :-)

Research is to see what everybody else has seen, and think what nobody
else has thought.