Re: finger-bombing, abuse timeout

Charles Howes (chowes@helix.net)
Thu, 13 Oct 1994 21:39:46 -0700 (PDT)

On Wed, 12 Oct 1994, That Whispering Wolf... wrote:

> This does bring up an interesting idea for improvements to xinetd/inetd
> or whatever, though -- Why not have a config option that you can set so
> that if more than X number of requests for Y service were received from
> Z host in A time, the service shut off requests from that host for 
> 5/10/15 minutes. Would that feature really be useful, and be worth the
> overhead? Personally, -I- don't think so, but if your site comes under
> regular attacks from such things, it may be a handy feep to have. Now, if
> someone would just code it. *grin*

Think it's been done already for some services like 'rusers'.  Mind
you, this is just a rumor.  Your mileage may vary.

(In other words, I don't know if it's an rusers thing, an RPC thing,
a portmapper thing, or an inetd thing.)

I *do* know that init does it for respawning gettys.  So, if a
hardware failure causes getty to quit repeatedly, it doesn't chew cpu
time.

ObBug: The shell escape from 'crash' on SunOS... file descriptors are
left open to /dev/kmem and /dev/mem, among other things.

 % crash
 dumpfile = /dev/mem, ....
 > !/bin/sh
 % strings <&9 >/tmp/out &
 % id
  ....  egid=2(kmem)  ....

Ooops.  I understated the problem.
--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
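
The per-host throttle proposed in the quoted message, written out as an added example that is not part of the original post or of any inetd/xinetd: a sliding-window counter that refuses a host for a fixed penalty period once it exceeds X requests within A seconds. The class, method names, parameter values and the sample addresses are assumptions, and the event list is constructed.

```python
from collections import defaultdict, deque


class HostThrottle:
    """Per-host request throttle (added example, hypothetical names):
    more than `max_requests` from one host within `window` seconds
    blocks that host for `block_for` seconds, as in the quoted proposal."""

    def __init__(self, max_requests, window, block_for):
        self.max_requests = max_requests
        self.window = window
        self.block_for = block_for
        self._hits = defaultdict(deque)   # host -> timestamps of recent requests
        self._blocked_until = {}          # host -> time at which its block expires

    def allow(self, host, now):
        """Return True if a request from `host` arriving at time `now` should be served."""
        if self._blocked_until.get(host, 0.0) > now:
            return False                  # still inside the penalty period
        hits = self._hits[host]
        hits.append(now)
        while hits and hits[0] <= now - self.window:
            hits.popleft()                # forget requests older than the window
        if len(hits) > self.max_requests:
            self._blocked_until[host] = now + self.block_for
            hits.clear()                  # start counting afresh after the block
            return False
        return True


def simulate(events, max_requests=5, window=60.0, block_for=600.0):
    """Feed (host, time) events through one throttle; return (host, time, served)."""
    throttle = HostThrottle(max_requests, window, block_for)
    return [(host, ts, throttle.allow(host, ts)) for host, ts in events]


# Constructed sample: one host sends seven requests in seven seconds, another
# host makes a single request, then the noisy host retries during and after its block.
SAMPLE = ([("10.0.0.5", float(i)) for i in range(7)]
          + [("10.0.0.9", 3.0), ("10.0.0.5", 300.0), ("10.0.0.5", 700.0)])

if __name__ == "__main__":
    for host, ts, served in simulate(SAMPLE):
        print(f"{ts:7.1f} {host:10s} {'served' if served else 'refused'}")
```

The well-behaved host is never affected, and the noisy host is served again once its penalty period has elapsed.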