Hi,
Unfortunately, none of my VMS machines are available to the outside world,
but I was able to confirm a problem on MultiNet version 4.0C. In our
testing we were not able to crash the machine, though we did see the
problem you describe. I'll work with version 4.2 a bit later today, but
expect the same behavior.
In discussing with colleagues what would theoretically happen, using up all
the channels *could* result in the machine falling over, but it would
simply reload & come right back up with services available. Annoying and
disruptive, but not terminal. This is theory only -- as I said, in testing
I was not able to crash the system.
Are you willing to share your exploit, and allow me to test for you &
report back the results?
I'm also running a MultiNet FTP server on Win95, but it's not really the
same.:)
Also, have you reported the problem to Process, who now owns MultiNet?
Thanks,
Lisa Napier
Product Security Incident Response Team
Cisco Systems
At 01:54 PM 12/21/1999 +0300, CyberPsychotic wrote:
>Hey,
> Anyone runs MultiNet FTP server on VMS and don't mind to let me test
>out if the problem I found recently really could drive the machine to
>crash? This ftp daemon doesn't timeout/close connection when before it
>authenticates user, which seems to be quite serious problem until VMS has
>some sort of iternal protection against too many opened connections. I've
>done some code to perform quick tests but don't feel like bothering random
>internet boxens :)
>
>cheers,
>-F
Received on Dec 24 1999
Intro
