Home page logo

Nmap Announce mailing list archives

RE: Setting nmap host_timeout too low may cause DoS on inetd (?)
From: Jose Nazario <jose () biocserver BIOC CWRU Edu>
Date: Fri, 17 Mar 2000 10:53:36 -0500 (EST)

On Thu, 16 Mar 2000, Alek O. Komarnitsky wrote:

Plus, the more common scenerio
is that inetd seems to go into "sleep mode" (ex: telnet's connect but hang)
but if I do ANOTHER scan, then it "wakes" back up and all is well. And yes,
in a few cases, inetd just dies (but only on the (few) SunOS4.x machines
and the HP-UX boxes) - note that "inetd sleeping" occurs on the Solaris boxes.

BSD derived inetd's have looping control built in. they usually log this,
"looping too fast", via syslog and then halt operations for a bit. it's a
weak form of DoS mitigation, and it works. i don't know the vintage of
HPUX inetd, but is it syslogging anything similar to "looping too fast"?
my HPUX box is unavailable from my location here, so i can't run strings
on it to see if that's built in.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]