|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: 11 years of inetd default insecurity?
From: Darren Pilgrim (dmp
bitfreak.org)
Date: Tue Sep 09 2003 - 12:17:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2003.09.06 18:08:22 +0400, 3APA3A <3APA3ASECURITY.NNOV.RU> wrote:
> II. Who is vulnerable
>
> Any system shipped with network daemons launched through inetd
> (FreeBSD, SuSE, Red Hat, etc.).
FreeBSD doesn't run anything through inetd by default. You have to
manually edit inetd.conf to enable anything, and there is a warning
screen during the install process about doing so.
Additionally, FreeBSD's stock inetd has the following options:
-c maximum
Specify the default maximum number of simultaneous
invocations of each service; the default is unlimited.
May be overridden on a per-service basis with the
"max-child" parameter.
-C rate
Specify the default maximum number of times a service can
be invoked from a single IP address in one minute; the
default is unlimited. May be overridden on a per-service
basis with the "max-connections-per-ip-per-minute"
parameter.
-R rate
Specify the maximum number of times a service can be
invoked in one minute; the default is 256. A rate of 0
allows an unlimited number of invocations.
-s maximum
Specify the default maximum number of simultaneous
invocations of each service from a single IP address; the
default is unlimited. May be overridden on a per-service
basis with the "max-child-per-ip" parameter.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]