From owner-freebsd-security Mon Feb 26 16:52: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giroc.albury.net.au (giroc.albury.NET.AU [203.15.244.13])
	by hub.freebsd.org (Postfix) with ESMTP id 8A29137B491
	for ; Mon, 26 Feb 2001 16:51:57 -0800 (PST)
	(envelope-from nicks@giroc.albury.net.au)
Received: (from nicks@localhost)
	by giroc.albury.net.au (8.11.1/8.11.1) id f1R0ppE91094;
	Tue, 27 Feb 2001 11:51:51 +1100 (EST)
Date: Tue, 27 Feb 2001 11:51:51 +1100
From: Nick Slager
To: Marius Strom
Cc: security@FreeBSD.ORG
Subject: Re: bugtraq inetd DoS exploit *PFFT*
Message-ID: <20010227115151.A85764@albury.net>
References: <20010227105017.A74709@albury.net> <20010226183621.O12721@marius.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010226183621.O12721@marius.org>; from marius@marius.org on Mon, Feb 26, 2001 at 06:36:21PM -0600
X-Homer: Whoohooooooo!
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thus spake Marius Strom (marius@marius.org):

>On Tue, Feb 27, 2001 at 10:50:17AM +1100, Nick Slager wrote:
>>
>> The inetd shipped with FreeBSD appears vulnerable to the inetd DoS
>> exploit posted on bugtraq.
>>
>> ...
>>
>> As a workaround, start inetd with the -C flag.
>
> This is not a "vulnerability", per se. inetd(8) will suspend a service
> for 10 minutes if a certain amount of them are started within a certain
> time, hence your log message. Not to deny that it's a limited DoS
> condition, but it was programmed that way.
>
> To update this on a per-service basis (say, your pop3 daemon takes lots
> of hits under normal traffic) do the following:

[ snip inetd.conf entry and man page quote ]

erm, thanks, I do realise this. The advantage of the -C flag is being able to
specify the maximum times a given service can be invoked from a single IP,
ensuring services are still available for other clients.

Nick

-- 
Nick Slager      | Quidquid latine dictum
nicks@albury.net | sit, altum viditur.
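
An added illustration, not part of the original message and not inetd's own code: a simplified model of the two limits discussed in this thread (a per-service rate that suspends the service for 10 minutes, and a per-address cap of the kind -C sets), showing what a second client experiences while one address floods the service. The limit values (256 and 20 per minute), the fixed one-minute window, the addresses and the traffic are all constructed assumptions.

```python
# Simplified model of the limits discussed in the thread; NOT inetd's code.
from collections import defaultdict

SUSPEND_SECS = 600           # thread: service is suspended for 10 minutes
NOISY = "192.0.2.66"         # constructed address that floods the service
NORMAL = "198.51.100.10"     # constructed address with ordinary traffic


def constructed_events(duration=1200):
    """Constructed traffic: NORMAL connects every 30 s for 20 minutes,
    NOISY opens 10 connections per second during the first minute."""
    events = []
    for t in range(duration):
        if t % 30 == 0:
            events.append((t, NORMAL))
        if t < 60:
            events.extend([(t, NOISY)] * 10)
    return events


def simulate(events, service_rate, per_ip_rate=None):
    """Return {ip: connections served}.
    service_rate: invocations per minute before the service is suspended.
    per_ip_rate: invocations per minute allowed from one address (the
    per-address cap), or None for no per-address limit."""
    served = defaultdict(int)
    per_ip = defaultdict(int)
    window_start, total, suspended_until = None, 0, -1
    for t, ip in events:
        if t < suspended_until:
            continue                      # service is off for every client
        if window_start is None or t - window_start >= 60:
            window_start, total, per_ip = t, 0, defaultdict(int)
        if per_ip_rate is not None and per_ip[ip] >= per_ip_rate:
            continue                      # only this address is refused
        per_ip[ip] += 1
        total += 1
        if total > service_rate:
            suspended_until = t + SUSPEND_SECS
            continue
        served[ip] += 1
    return dict(served)


if __name__ == "__main__":
    ev = constructed_events()
    print("service limit only :", simulate(ev, service_rate=256))
    print("with per-IP limit  :", simulate(ev, service_rate=256, per_ip_rate=20))
```

In this model the service-wide limit alone lets the flooding address trip the suspension, so the ordinary client loses half of its connections; with the per-address cap only the flooding address is refused.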