From owner-freebsd-security Sat Jun 21 23:07:20 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id XAA11075
    for security-outgoing; Sat, 21 Jun 1997 23:07:20 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
    by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA11070
    for ; Sat, 21 Jun 1997 23:07:13 -0700 (PDT)
Received: (from msmith@localhost)
    by genesis.atrad.adelaide.edu.au (8.8.5/8.7.3) id PAA11138;
    Sun, 22 Jun 1997 15:37:03 +0930 (CST)
From: Michael Smith
Message-Id: <199706220607.PAA11138@genesis.atrad.adelaide.edu.au>
Subject: Re: Simple TCP service can hang a system (fwd)
In-Reply-To: from Daniel O'Callaghan at "Jun 22, 97 02:22:49 pm"
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Date: Sun, 22 Jun 1997 15:37:03 +0930 (CST)
Cc: freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Daniel O'Callaghan stands accused of saying:
>
> I've noticed that inetd doesn't check the source port for the request
> to UDP simple services (echo, time, chargen, daytime).

(note that this is Linux). FreeBSD ships with these disabled :

# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns. Only turn on what you
# need.
#
#daytime stream tcp nowait root internal
#daytime dgram udp wait root internal
#time stream tcp nowait root internal
#time dgram udp wait root internal
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal

...
so if you turn them on, you ought to understand this already 8)

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control.         (ph) +61-8-8267-3493            [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[
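
Added example, not part of the original message or of FreeBSD's own code: a small audit that reads inetd.conf text in the format quoted above and reports which of the internal "small servers" are enabled, marking the UDP ones that the quoted report is about. The sample configuration and the function names are constructed for this illustration.

```python
# Services inetd implements itself ("internal"), as listed in the excerpt above.
SMALL_SERVICES = {"daytime", "time", "echo", "discard", "chargen"}

# Constructed sample: the quoted excerpt with three entries uncommented.
SAMPLE_CONF = """\
# "Small servers" -- constructed sample for this example
#daytime stream tcp nowait root internal
daytime dgram udp wait root internal
echo stream tcp nowait root internal
echo dgram udp wait root internal
#chargen dgram udp wait root internal
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
"""


def enabled_small_services(conf_text):
    """Return (line_no, service, proto) for each active internal small service."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        # Everything after '#' is a comment, which also skips disabled entries.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # inetd.conf fields: service socktype proto wait-flag user program [args]
        if len(fields) < 6:
            continue
        service, _socktype, proto, _wait, _user, program = fields[:6]
        if program == "internal" and service in SMALL_SERVICES:
            findings.append((line_no, service, proto))
    return findings


def udp_findings(findings):
    """Subset served over UDP, the case the quoted report describes."""
    return [f for f in findings if f[2].startswith("udp")]


if __name__ == "__main__":
    found = enabled_small_services(SAMPLE_CONF)
    udp = set(udp_findings(found))
    for line_no, service, proto in found:
        mark = "  <- UDP small service" if (line_no, service, proto) in udp else ""
        print(f"line {line_no}: {service}/{proto} enabled{mark}")
```

To audit a real host, pass the contents of its inetd.conf to enabled_small_services() instead of SAMPLE_CONF.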