Home page logo

bugtraq logo Bugtraq mailing list archives

Re: denial of service - inetd on solaris 2.4?
From: bpowell () topsun West Sun COM (Brad Powell)
Date: Fri, 24 May 1996 08:45:51 -0700

From owner-bugtraq () NETSPACE ORG  Thu May 23 23:12:14 1996
Approved-By:  Justin Beech <jb.sg () FP CIBC COM>
Date:         Fri, 24 May 1996 09:56:48 +0800
From: Justin Beech <jb.sg () fp cibc com>
Subject:      denial of service - inetd on solaris 2.4?
To: Multiple recipients of list BUGTRAQ <BUGTRAQ () NETSPACE ORG>

I discovered on our solaris 2.4 boxes, that if you telnet to
the discard port, then quit telnet (using control-right-bracket
and quit), you leave a single inetd running in an infinite
read loop. Do this twice, and you get two inetds running...

yeah we found the same thing when building WAN probeing tools.

obviously you can quickly bog the machine down to a standstill..
This doesnt happen on solaris 2.5, so I guess it is some
inetd bug thats been fixed? anyone know a 2.4 patch for this?

Patch-ID# 102922-03
Synopsis: SunOS 5.4: inetd fixes
BugId's fixed with this patch: 1175129 1202603 1217754
Changes incorporated in this version: 1217754

You should probably just turn off echo, discard, daytime and chargen
as well. From the comment in inetd.conf:
# Echo, discard, daytime, and chargen are used primarily for testing.

Also: what I havent seen mentioned yet, the denial of service
attack is not just to bring down a box.. if one is employed on
Host A, which is trusted by Host B, then this allows
the network clear for the bad guy to impersonate Host A, (the
real Host A being effectively muzzled), thus get into
Host B.
If I remember correctly, this was one of Mitnicks tricks
against Shimomuras collection of machines.

close enough. :-). This could potentially be used to bog down a
NIS or other server to allow a faster response from a "bad guy" host.

e.g., using denial of services to hedge a race condition.

Brad Powell : brad.powell () Sun COM
Sr. Network Security Consultant
Sun Microsystems Inc.
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]