Re: 11 years of inetd default insecurity?
From: Dan Stromberg <strombrg () dcs nac uci edu>
Date: 08 Sep 2003 12:44:55 -0700
On Sun, 2003-09-07 at 18:46, Thamer Al-Harbash wrote:
> On Sat, 6 Sep 2003, 3APA3A wrote:
>> Dear bugtraq () securityfocus com,
>> Well, we all blame Microsoft for insecure default configuration... Isn't
>> it time to clean outdated code in Unix?
>
> This has been a known problem for quite a while. In fact
> D. J. Bernstein already solved it with tcpserver:
> If you look at the bottom he points out pretty much what you

So DJB's program basically has a large listen queue, and goes into
queue-only mode after 40 concurrent connections?
If that's the case, then there's still a DOS - just fill the listen
queue with so much stuff that connections aren't serviced for a long
Dan Stromberg DCS/NACS/UCI <strombrg () dcs nac uci edu>