>From owner-bugtraq@NETSPACE.ORG Thu May 23 23:12:14 1996 >Approved-By: ALEPH1@UNDERGROUND.ORG >Approved-By: Justin Beech <jb.sg@FP.CIBC.COM> >Date: Fri, 24 May 1996 09:56:48 +0800 >From: Justin Beech <jb.sg@fp.cibc.com> >Subject: denial of service - inetd on solaris 2.4? >To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG> > >I discovered on our solaris 2.4 boxes, that if you telnet to >the discard port, then quit telnet (using control-right-bracket >and quit), you leave a single inetd running in an infinite >read loop. Do this twice, and you get two inetds running... yeah we found the same thing when building WAN probeing tools. :-) > >obviously you can quickly bog the machine down to a standstill.. >This doesnt happen on solaris 2.5, so I guess it is some >inetd bug thats been fixed? anyone know a 2.4 patch for this? Patch-ID# 102922-03 Synopsis: SunOS 5.4: inetd fixes BugId's fixed with this patch: 1175129 1202603 1217754 Changes incorporated in this version: 1217754 You should probably just turn off echo, discard, daytime and chargen as well. From the comment in inetd.conf: # Echo, discard, daytime, and chargen are used primarily for testing. > >Also: what I havent seen mentioned yet, the denial of service >attack is not just to bring down a box.. if one is employed on >Host A, which is trusted by Host B, then this allows >the network clear for the bad guy to impersonate Host A, (the >real Host A being effectively muzzled), thus get into >Host B. >If I remember correctly, this was one of Mitnicks tricks >against Shimomuras collection of machines. close enough. :-). This could potentially be used to bog down a NIS or other server to allow a faster response from a "bad guy" host. e.g., using denial of services to hedge a race condition. ======================================================================= Brad Powell : brad.powell@Sun.COM Sr. Network Security Consultant Sun Microsystems Inc. ======================================================================= The views expressed are those of the author and may not reflect the views of Sun Microsystems Inc. =======================================================================