Date: Wed, 27 Aug 1997 09:29:13 -0400 (EDT) From: David Holland <dholland@eecs.harvard.edu> To: newton@communica.com.au (Mark Newton) Cc: Shimon@i-Connect.Net, freebsd-security@FreeBSD.ORG Subject: Re: FW: Denial-of-service attack against INETD. Redhat 4.X and othe Message-ID: <199708271329.JAA00911@burgundy.eecs.harvard.edu> In-Reply-To: <9708270326.AA12076@communica.com.au> from "Mark Newton" at Aug 27, 97 12:56:26 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> What kind of weenie posts a long rambling message to CERT about a denial
> of service issue that's documented for all to see in the manpage anyway?
Don't ask me...
> Eh? inetd sleeps in two places: One of them is when a fork() fails.
> The other is when the select() that's used to detect incoming connections
> fails (i.e.: returns <= 0). What has Linux done to their inetd? :-)
Nothing. :-p
I picked up the guy's "fixes", and it's a completely new version of
inetd. Since he seems to have decided it was a good idea to reindent
and reformat everything, I can't tell what he's done.
I think he misunderstood the significance of the EINTR in
if ((n = select(maxsock + 1, &readable, (fd_set *)0,
(fd_set *)0, (struct timeval *)0)) <= 0) {
if (n < 0 && errno != EINTR)
syslog(LOG_WARNING, "select: %m\n");
sleep(1);
continue;
}
However, he seems to have changed that sleep to a sleep(60). So I
don't know what he's smoking.
> > One other change: it used to be that if bind() fields when setting
> > up a socket, inetd would wait 10 minutes before trying again. I
> > lowered this value to 10 seconds.
>
> If bind() fails it usually indicates the kind of savage resource shortage
> that perfectly justifies backing off for ten minutes or so. To reduce
> this back-off to ten seconds introduces the possibility that inetd
> can actually contribute to Denial Of Service problems by compounding
> existing resource shortages.
That, and the most common cause of this failure is accidentally
running two inetds at once, so there's no point in hurrying to retry.
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708271329.JAA00911>