From owner-cvs-all Fri Jul 23 6: 0:41 1999
Delivered-To: cvs-all@freebsd.org
Received: from david.siemens.de (david.siemens.de [192.35.17.14])
    by hub.freebsd.org (Postfix) with ESMTP id A6C5014E8D
    for ; Fri, 23 Jul 1999 06:00:34 -0700 (PDT)
    (envelope-from andre.albsmeier@mchp.siemens.de)
X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
    by david.siemens.de (8.9.3/8.9.3) with ESMTP id PAA29448
    for ; Fri, 23 Jul 1999 15:00:34 +0200 (MET DST)
Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7])
    by mail1.siemens.de (8.9.3/8.9.3) with ESMTP id PAA01060
    for ; Fri, 23 Jul 1999 15:00:32 +0200 (MET DST)
Received: (from daemon@localhost)
    by curry.mchp.siemens.de (8.9.3/8.9.3) id PAA50656
    for ; Fri, 23 Jul 1999 15:00:33 +0200 (CEST)
Date: Fri, 23 Jul 1999 15:00:30 +0200
From: Andre Albsmeier
To: Dag-Erling Smorgrav
Cc: Andre Albsmeier, Brian Feldman, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c inetd.h
Message-ID: <19990723150030.A10047@internal>
References: <199907222111.OAA65792@freefall.freebsd.org> <19990723112812.A3847@internal>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.5i
In-Reply-To: ; from Dag-Erling Smorgrav on Fri, Jul 23, 1999 at 12:13:15PM +0200
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On Fri, 23-Jul-1999 at 12:13:15 +0200, Dag-Erling Smorgrav wrote:
> Andre Albsmeier writes:
> > While you are so busy with inetd the last time (thanks, btw)
> > I observed some kind of denial of service on -STABLE: I was
> > playing with the new nmap and did a 'nmap -sU printfix'.
>
> For those not familiar with nmap, this is a UDP scan:
>
>   -sU UDP scans: This method is used to determine which
>       UDP (User Datagram Protocol, RFC 768) ports are
>       open on a host. The technique is to send 0 byte
>       udp packets to each port on the target machine. If
>       we receive an ICMP port unreachable message, then
>       the port is closed. Otherwise we assume it is
>       open.

Yes, I knew. I think, I didn't describe the problem clearly so
I will try again :-)

1. I run 'nmap -sU printfix' on the 192.168.17.100 machine.
2. After nmap has finished it shows me the open ports.
3. We wait, e.g. 1 minute
4. inetd, which runs with -l, continues logging to syslogd and
   never stops.

Here is a top snapshot taken one minute later:

last pid:  4040;  load averages:  0.96,  0.56,  0.29    up 0+06:19:27  14:56:00
36 processes:  2 running, 34 sleeping
CPU states: 54.3% user,  0.0% nice, 41.9% system,  3.9% interrupt,  0.0% idle
Mem: 8500K Active, 37M Inact, 12M Wired, 3428K Cache, 7592K Buf, 532K Free
Swap: 49M Total, 49M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 3748 root      58   0   956K   704K RUN      0:20 44.97% 44.97% inetd
  122 root       2   0   848K   576K select   3:10 36.47% 36.47% syslogd
  127 root       2   0  1588K  1228K select   0:05  0.00%  0.00% named
  200 root       2   0   876K   524K select   0:02  0.00%  0.00% lpd
  132 root       2 -52  1236K   732K select   0:02  0.00%  0.00% xntpd

In case we start inetd without -l, it doesn't log to syslogd anymore
and therefore consumes all the CPU for itself:

last pid:  4397;  load averages:  1.59,  1.10,  0.55    up 0+06:22:14  14:58:47
111 processes:  2 running, 109 sleeping
CPU states: 61.2% user,  0.0% nice, 38.0% system,  0.8% interrupt,  0.0% idle
Mem: 10M Active, 30M Inact, 14M Wired, 3776K Cache, 7592K Buf, 3688K Free
Swap: 49M Total, 49M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 4043 root     104   0   956K   740K RUN      1:33 97.66% 97.61% inetd
  122 root       2   0   848K   576K select   3:16  0.00%  0.00% syslogd
  127 root       2   0  1588K  1228K select   0:05  0.00%  0.00% named

Remember that nmap has finished already a long time ago. I think,
inetd is stuck in some loop which can be terminated only by killing
and restarting it.

	-Andre