iplogger-1.1+ident
Matt Watson (sideshow SATURN.TERAHERTZ.NET)
Wed, 21 Oct 1998 22:27:58 -0500
- Next message: Ben Collins: "Re: SVGATextMode 1.8 /tmp race"
- Previous message: Joel Eriksson: "ospf_monitor (Solaris 2.5)"
- Next in thread: Brian Mitchell: "Re: iplogger-1.1+ident"
Hello, today I was wandering around sunsite and noticed a newer version of iplogger there:

ftp://sunsite.unc.edu/pub/Linux/system/network/daemons/iplogger-ident-1.1.tar.gz

Anyways, I decided to take a look at the new code and the first thing that popped right out was:

    while (1) {
        read(s, (struct ippkt *) &pkt, 9999);
        if (pkt.tcp.syn == 1 && pkt.tcp.ack == 0) {
            if (!fork()) {          /* double fork() */
                if (!fork()) {      /* to avoid zombies */
                    openlog("tcplogd", 0, LOG_DAEMON);
    ^^ lines 34-39

Now then, that double fork... that's, well, uhm, evil. That has remote fork-bomb written all over it. Just load up your favorite port scanner and scan away and watch your machine fork like crazy!

Anyways, just another comment on the new iplogger: it seems it only logs connections to ports which are not open? I dunno about everybody else, but personally I'd rather know who is connecting to ports I do have open rather than who is trying to connect to ports I don't have open.

Anyways, that's my 2 cents.

-/-
Matt Watson
TeraHertz Communications Administrator
For quality web space and shells check out www.terahertz.net
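Added example, not part of the original post and not iplogger code: one way to keep the per-SYN worker while bounding it, using a single fork, a cap on live children, and reaping in the parent instead of the double fork. The names gate, handle_syn, slow_lookup and simulate_scan, and the cap of 8, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct gate { int live, max, dropped; };    /* max: assumed, tunable cap */

/* Reap finished workers; block=0 polls, block=1 waits for all of them. */
static void gate_reap(struct gate *g, int block)
{
    while (g->live > 0) {
        pid_t r = waitpid(-1, NULL, block ? 0 : WNOHANG);
        if (r > 0) g->live--;
        else if (r < 0 && errno == EINTR) continue;
        else if (r < 0 && errno == ECHILD) g->live = 0;
        else break;                         /* r == 0: workers still running */
    }
}

/* Per-SYN handler: 1 if a worker was forked, 0 if the cap was hit or fork() failed. */
static int handle_syn(struct gate *g, void (*work)(void))
{
    pid_t pid;
    gate_reap(g, 0);
    if (g->live >= g->max || (pid = fork()) < 0) {
        g->dropped++;                       /* count it; log a summary later */
        return 0;
    }
    if (pid == 0) { work(); _exit(0); }     /* child: lookup + syslog() here */
    g->live++;                              /* single fork; the parent reaps */
    return 1;
}

static void slow_lookup(void) { sleep(1); } /* constructed stand-in for a lookup */

/* Feed n back-to-back SYNs through a gate with the given cap; returns workers forked. */
static int simulate_scan(int cap, int n, int *dropped)
{
    struct gate g = { 0, cap, 0 };
    int forked = 0;
    while (n-- > 0) forked += handle_syn(&g, slow_lookup);
    gate_reap(&g, 1);                       /* wait for the workers to finish */
    if (dropped) *dropped = g.dropped;
    return forked;
}

int main(void)
{
    int dropped = 0, forked = simulate_scan(8, 100, &dropped);
    printf("forked=%d dropped=%d\n", forked, dropped);
    return 0;
}
```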