Home page logo
/

Nmap Announce mailing list archives

Sun finally releases patch for nmap inetd denial of service issue
From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com>
Date: Mon, 25 Sep 2000 10:25:33 -0600 (MDT)

There was some Email discussion a while ago about running nmap
can cause problems for inetd. Specifically, I've was able to
reliabily cause a small percentage (5-10%) of "scanned" machines 
to "hang" inetd ... so that subsequent connections were hung.
I'm just basically doing a single TCP port scan at something that is
handled by inetd (rather than a standalone process). You can usually
"unfreeze" it by doing a 'echo "" | telnet HOSTNAME PORTNUMBER'


There was a patch for HPUX (PHNE_16832) that fixed this problem there.


On Sun Solaris, there was an issue with inetd actually DYING, but that
was fixed some time ago ... but the "hanging" inetd continues. 

Good News: Sun recently released Patch 109104-04 ... which based on
my testing of 50+ machines, *DOES* fix the problem. I.e. I can nmap
these puppies to death and inetd doesn't blink an eye - the README says:
   4337605 inetd Denial of Service Attack - accept() hangs after successful select()


Bad News: This patch is for Solaris 2.7 ONLY ... I've had some
discussions with Sun and "suggested" they release 2.6 & 2.8 versions;
since I can reliably "hang up" inetd 5-10% of the time on those.
I've got about 500 of these machines (all recently patched),
so a semi-decent testbed to use!   ;-)


I'll let folks know what I hear about 2.6 & 2.8 patch availability.
alek

P.S. Pls note that this is NOT nmap's "fault" ... but rather buggy inetd;
which should be more robust.

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]