Date: Thu, 26 Jul 2001 00:40:17 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Shawn Ramsey <shawn@megadeth.org> Cc: questions@FreeBSD.ORG Subject: Re: telnetd problem? Message-ID: <20010726004017.A42068@xor.obsecurity.org> In-Reply-To: <007701c115a5$7918a550$de48a93f@shawn>; from shawn@megadeth.org on Thu, Jul 26, 2001 at 12:14:43AM -0700 References: <007701c115a5$7918a550$de48a93f@shawn>
next in thread | previous in thread | raw e-mail | index | archive | help
--cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Jul 26, 2001 at 12:14:43AM -0700, Shawn Ramsey wrote: > We seem to be getting some port 23 IRC probes or something. This is causing > a bunch of telnetd daemons to start, and they never die. So the number of > telnetd daemons grow until running on of ptys. Short of blocking telnetd > access, is there anything than can be done about this? There are dozens of > telnetd daemons open, and no active port 23 traffic. Why won't they die? There's an exploit which involves sending 16MB of data to the telnetd server. People are probably doing that and it's (predictably) taking a long time to complete. Restrict connections to telnetd or use inetd's rate/child-limiting facilities. Kris --cWoXeonUoKmBZSoM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7X8lgWry0BWjoQKURAsA0AJ4m988BvwnQWux8VxVXbQYu+NVUogCffM56 IsOVEAEAVlCHmcyihmBuKss= =OcGy -----END PGP SIGNATURE----- --cWoXeonUoKmBZSoM-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010726004017.A42068>