Subject: Re: Fwd: inetd DoS exploit
To: Kevin Sindhu <firstname.lastname@example.org>
From: Emre Yildirim <email@example.com>
Date: 02/26/2001 22:46:20
On Sunday 25 February 2001 22:33 US Central Time, Kevin Sindhu wrote:
> This is pretty interesting though...even though inetd has been
> coded like this, is there any way for us to prevent this?
Maybe a shellscript that will block the IP when someone tries to
connect x times within y seconds? (using ipf of course).
> I know a viable solution right now is to drop inetd and installed
> xinetd..but what do you guyz think would be a viable solution to
> this problem?
Like Bill Sommerfeld said, just wait a few minutes and inetd
recovers. (at least ir doesnt completely crash)
> <Offtopic Rant>
> BTW, this also kills inetd on OpenBSD 2.8-current[prolly all below
> 2.8 branch]...(figures...), but I am sure, when I ask this on this
> tomorrow on the list, 60% of the emails I'll get back will tell me
> this is not enabled by default...well, ok, the hell that I care if
> ftp ain't enabled by default, I need it therefore I run it...*grin*
HA HAh ...
I tried this on my Linux, Solaris and IRIX boxes, it produced the
same result. My OpenBSD-current box's ftp and telnet died as well.
But hey...like you said, since it's not enabled by default it's not a
Research is to see what everybody else has seen, and think what nobody
else has thought.