From: "Wolfpaw - Dale Corse" <admin@wolfpaw.net>
To: <alan@lxorguk.ukuu.org.uk>
Cc: <peter@mysql.com>, <linux-kernel@vger.kernel.org>, <netdev@oss.sgi.com>
Subject: RE: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified)Denial of Service Attack
Date: Sun, 12 Sep 2004 12:40:56 -0600 [thread overview]
Message-ID: <002501c498f8$0a4ebc20$0200a8c0@wolf> (raw)
In-Reply-To: <02b201c498f6$8bb92540$0300a8c0@s>
Hi Alan,
My inetd is not the old one, it is in Slackware 10.0..
apparently 1.79s, still works here. (the s added by
The slackware group according to the readme:
/* $Slackware: inetd.c 1.79s 2001/02/06 13:18:00 volkerdi Exp $ */
/* $OpenBSD: inetd.c,v 1.79 2001/01/30 08:30:57 deraadt Exp $ */
/* $NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $ */
/*
It still dies pretty fast :( Willy is probably right, in that
the bug is application level in this case. Can you explain
though, how it is appropriate to have no timeout on CLOSE_WAIT.
Lets assume (such as the case with the mysql bug), that it is
created, and for some reason never addressed.. The end case being
mysql reporting "Too many Connections". That would make me assume
these connections are still "alive" (perhaps I am assuming wrong?)
and could still cause issues with other services, if the volume of
them was to get too high.
It still seems prudent to me to have some kind of timeout (2 hours,
or something?) to have it expuldge the connection, because obviously,
it isn't going to voluntarily close.
This bug also exists with Apache, the default config of SSH,
and anything controlled by inetd. This is the vast majority of
popular services on a regular internet server.. That is bad, no?
D.
> -----Original Message-----
> From: Alan Cox [mailto:alan@lxorguk.ukuu.org.uk]
> Sent: Sunday, September 12, 2004 11:17 AM
> To: Willy Tarreau
> Cc: Wolfpaw - Dale Corse; peter@mysql.com; Linux Kernel
> Mailing List; netdev@oss.sgi.com
> Subject: Re: Linux 2.4.27 SECURITY BUG - TCP Local and
> REMOTE(verified)Denial of Service Attack
>
>
> On Sul, 2004-09-12 at 18:59, Willy Tarreau wrote:
> > The problem is within inetd. In my case it could be because it was a
> > bit old (1999), but since you have it too,
>
> Ancient inetd had several fd leak bugs fixed over time and
> some other problems with built in services. Not much of a
> suprise that a 1999 inetd has it.
>
> Alan
>
>
> --------------------------------------------------------------
> --------------
> -
> This message has been scanned for Spam and Viruses by ClamAV
> and SpamAssassin
> --------------------------------------------------------------
> --------------
> -
>
>
>
>
>
next parent reply other threads:[~2004-09-12 18:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <02b201c498f6$8bb92540$0300a8c0@s>
2004-09-12 18:40 ` Wolfpaw - Dale Corse [this message]
2004-09-12 18:01 ` Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified)Denial of Service Attack Alan Cox
2004-09-12 19:48 ` Willy Tarreau
[not found] <029201c498d8$dff156f0$0300a8c0@s>
[not found] ` <001c01c498df$8d2cd0f0$0200a8c0@wolf>
2004-09-12 17:59 ` Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial " Willy Tarreau
2004-09-12 17:17 ` Alan Cox
2004-09-12 18:18 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002501c498f8$0a4ebc20$0200a8c0@wolf' \
--to=admin@wolfpaw.net \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=peter@mysql.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).