|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: 11 years of inetd default insecurity?
From: Dan Stromberg (strombrg
dcs.nac.uci.edu)
Date: Mon Sep 08 2003 - 14:44:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, 2003-09-07 at 18:46, Thamer Al-Harbash wrote:
> On Sat, 6 Sep 2003, 3APA3A wrote:
>
> > Dear bugtraqsecurityfocus.com,
> >
> > Well, we all blame Microsoft in insecure default configuration... Isn't
> > it time to clean outdated code in Unix?
>
> This has been a known problem for quite a while. In fact
> D. J. Bernstein already solved it with tcpserver:
>
> http://cr.yp.to/ucspi-tcp.html
>
> If you look at the bottom he points out pretty much what you
> pointed out.
So DJB's program basically has a large listen queue, and goes into
queue-only mode after 40 concurrent connections?
If that's the case, then there's still a DOS - just fill the listen
queue with so much stuff that connections aren't serviced for a long
time.
--
Dan Stromberg DCS/NACS/UCI <strombrgdcs.nac.uci.edu>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQA/XNw2o0feVm00f/8RApQTAJ0eBWm22bEzvvK0OygACceOpBKvCgCeP6Qa
z2hCaNNB5pVHl6lluQ5QH9g=
=S27F
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]