BugTraq
11 years of inetd default insecurity? Sep 06 2003 02:08PM
3APA3A (3APA3A SECURITY NNOV RU) (5 replies)
Re: 11 years of inetd default insecurity? Sep 09 2003 05:17PM
Darren Pilgrim (dmp bitfreak org)
Re: 11 years of inetd default insecurity? Sep 08 2003 11:24PM
Dan Harkless (bugtraq harkless org)
Re: 11 years of inetd default insecurity? Sep 08 2003 05:50PM
Mike Tancsa (mike sentex net) (1 replies)
Re: 11 years of inetd default insecurity? Sep 09 2003 02:07PM
Jonathan A. Zdziarski (jonathan nuclearelephant com) (1 replies)
Re: 11 years of inetd default insecurity? Sep 10 2003 06:47PM
Greg A. Woods (woods weird com)
Re: 11 years of inetd default insecurity? Sep 08 2003 01:46AM
Thamer Al-Harbash (tmh whitefang com) (1 replies)
Re: 11 years of inetd default insecurity? Sep 08 2003 07:44PM
Dan Stromberg (strombrg dcs nac uci edu) (1 replies)
Re: 11 years of inetd default insecurity? Sep 10 2003 06:40AM
Andres Kroonmaa (andre online ee)
On 8 Sep 2003, at 12:44, Dan Stromberg <strombrg (at) dcs.nac.uci (dot) edu> wrote:

> So DJB's program basically has a large listen queue, and goes into
> queue-only mode after 40 concurrent connections?
>
> If that's the case, then there's still a DOS - just fill the listen
> queue with so much stuff that connections aren't serviced for a long
> time.

I wonder how many years it takes for people to realise that DOS based on
service flooding is not something you can be immune to. Does it really
take one DDOS per person to realise this simple truth? For every single
method you invent there are 10 other methods to smash your box into nirvana
anyway.

The purpose of inetd was never security, nor protection of the box from stupid
applications it is called to start that can consume all resources.
Inetd fulfills its purpose. If you need more, you need something else.

If you want security separation, use a state-tracking firewall. If you want
to be immune from DOS, unplug from the Internet. All else is pointless whining.
Imagining that inetd should evolve into a strong firewall is as bizarre as
it can get.

------------------------------------
Andres Kroonmaa <andre (at) online (dot) ee>
CTO, Microlink Data AS
Tel: 6501 731, Fax: 6501 725
Pärnu mnt. 158, Tallinn
11317 Estonia

Re: 11 years of inetd default insecurity? Sep 07 2003 09:59PM
Dagmar d'Surreal (dagmar wants nospam com) (1 replies)
Re: 11 years of inetd default insecurity? Sep 08 2003 10:46PM
Mike Hoskins (mike adept org)