Bugtraq: Re: Nmap network auditing/exploring tool V. 2.00 released

[casper () HOLLAND SUN COM (Casper Dik)]

> Another nmap-induced denial-of-service is against many machines inetd's
> when doing a TCP connect() scan (-sT) with the result of killing the inetd
> process.  I've found that Digital Unix and Irix have been vulnerable to
> this.  I cannot reliably reproduce the problem[*] and have not tested it
> against xinetd.

The TCP scan seems to be wide spread under inetd.

It's caused by the inetd "internal" TCP services; when a connection
is made and closed before a response can be send, inetd will die with
SIGPIPE.

This affects the services that do not fork() prior to running; discard,
echo and chargen do fork(), I believe, but time and daytime only send a
single respone and fork()ing wasn't deemed necessary.

It does affect Solaris prior to Solaris 7 (where it was fixed before it
was understood how easy it was to trigger)

Casper