Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Possible DoS in rsh
From: kragen () POBOX COM (Kragen)
Date: Thu, 15 Oct 1998 12:08:38 -0400

On Tue, 6 Oct 1998, Shivan Dragon wrote:
[.rhosts -> /dev/null DOSes rsh, imapd]
I'm pretty sure if I did the server's load could have been through the roof.

Something similar to this was posted for Apache a few months ago.

It has been proposed that the appropriate way to handle this is for
imapd, fingerd, rshd, Apache, etc. to check to see if the config file
is a real file or is something else, and then to refuse to do anything
with it if it's not.

I think that this is rather the wrong way to approach it.  If I have a
50G RAID array, I can create a sparse file of 50G for my .rhosts, which
will probably take enough time for imapd to read to make an effective
DOS.  And having such files attached to named pipes, etc., can really
be quite useful.

A more effective and less restrictive solution would be to put
arbitrary, possibly configurable, limits on the amount of the
configuration file that is paid attention to.  Perhaps 100K would be
reasonable for .rhosts.


<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
A well designed system must take people into account.  . . .  It's hard to
build a system that provides strong authentication on top of systems that
can be penetrated by knowing someone's mother's maiden name.  -- Schneier

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]