BugTraq
11 years of inetd default insecurity? Sep 06 2003 02:08PM 3APA3A (3APA3A SECURITY NNOV RU) (5 replies)
Re: 11 years of inetd default insecurity? Sep 08 2003 05:50PM Mike Tancsa (mike sentex net) (1 replies)
Re: 11 years of inetd default insecurity? Sep 09 2003 02:07PM Jonathan A. Zdziarski (jonathan nuclearelephant com) (1 replies)
Re: 11 years of inetd default insecurity? Sep 08 2003 01:46AM Thamer Al-Harbash (tmh whitefang com) (1 replies)
Re: 11 years of inetd default insecurity? Sep 07 2003 09:59PM Dagmar d'Surreal (dagmar wants nospam com) (1 replies)
> On Sat, 6 Sep 2003, 3APA3A wrote:
>
> > Dear bugtraq (at) securityfocus (dot) com [email concealed],
> >
> > Well, we all blame Microsoft in insecure default configuration... Isn't
> > it time to clean outdated code in Unix?
>
> This has been a known problem for quite a while. In fact
> D. J. Bernstein already solved it with tcpserver:
>
> http://cr.yp.to/ucspi-tcp.html
>
> If you look at the bottom he points out pretty much what you
> pointed out.
So DJB's program basically has a large listen queue, and goes into
queue-only mode after 40 concurrent connections?
If that's the case, then there's still a DOS - just fill the listen
queue with so much stuff that connections aren't serviced for a long
time.
--
Dan Stromberg DCS/NACS/UCI <strombrg (at) dcs.nac.uci (dot) edu [email concealed]>
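
The trade-off raised in the reply above, as an added example that is not part of the original post or of tcpserver's code: a simplified queueing model of a server that caps concurrent handlers (40, as in the post) in front of a bounded listen queue. The backlog sizes, arrival times and hold times are constructed assumptions, and the model ignores kernel details such as SYN retransmission.

```python
import heapq
from collections import deque

def simulate(arrivals, limit=40, backlog=20):
    """Model a server that runs at most `limit` handlers and parks further
    connections in a listen queue of `backlog` entries (assumed sizes).

    arrivals: list of (arrival_time, hold_seconds), sorted by arrival_time.
    Returns per-connection wait in seconds before a handler starts,
    or None if the connection found the queue full and was dropped.
    """
    busy = []                      # min-heap: times at which handlers exit
    queue = deque()                # indexes of connections waiting for a slot
    waits = [None] * len(arrivals)

    def release_until(now):
        # Free every slot whose handler has exited by `now`; each freed slot
        # goes to the oldest queued connection, if there is one.
        while busy and busy[0] <= now:
            freed_at = heapq.heappop(busy)
            if queue:
                i = queue.popleft()
                waits[i] = freed_at - arrivals[i][0]
                heapq.heappush(busy, freed_at + arrivals[i][1])

    for i, (at, hold) in enumerate(arrivals):
        release_until(at)
        if len(busy) < limit:
            waits[i] = 0
            heapq.heappush(busy, at + hold)
        elif len(queue) < backlog:
            queue.append(i)
        # else: queue full, connection is dropped (waits[i] stays None)
    release_until(float("inf"))
    return waits

def legit_wait(backlog):
    # Constructed scenario: 40 connections that each hold a slot for 300 s,
    # 20 more one second later, then one ordinary client at t=2.
    arrivals = [(0, 300)] * 40 + [(1, 300)] * 20 + [(2, 1)]
    return simulate(arrivals, limit=40, backlog=backlog)[-1]

if __name__ == "__main__":
    print("backlog=20 :", legit_wait(20))    # queue already full
    print("backlog=100:", legit_wait(100))   # queued behind the others
```

In this model the cap bounds the number of handler processes, while the ordinary client is either dropped (small queue) or served only after the long-held slots are released (large queue).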