From owner-freebsd-questions  Thu Jul 26  0:40:21 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-169-104-149.dsl.lsan03.pacbell.net [64.169.104.149])
	by hub.freebsd.org (Postfix) with ESMTP id E37CE37B405
	for <questions@FreeBSD.ORG>; Thu, 26 Jul 2001 00:40:18 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 150E067226; Thu, 26 Jul 2001 00:40:18 -0700 (PDT)
Date: Thu, 26 Jul 2001 00:40:17 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Shawn Ramsey <shawn@megadeth.org>
Cc: questions@FreeBSD.ORG
Subject: Re: telnetd problem?
Message-ID: <20010726004017.A42068@xor.obsecurity.org>
References: <007701c115a5$7918a550$de48a93f@shawn>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <007701c115a5$7918a550$de48a93f@shawn>; from shawn@megadeth.org on Thu, Jul 26, 2001 at 12:14:43AM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Jul 26, 2001 at 12:14:43AM -0700, Shawn Ramsey wrote:
> We seem to be getting some port 23 IRC probes or something. This is causing
> a bunch of telnetd daemons to start, and they never die. So the number of
> telnetd daemons grow until running on of ptys. Short of blocking telnetd
> access, is there anything than can be done about this? There are dozens of
> telnetd daemons open, and no active port 23 traffic. Why won't they die?

There's an exploit which involves sending 16MB of data to the telnetd
server.  People are probably doing that and it's (predictably) taking
a long time to complete.  Restrict connections to telnetd or use
inetd's rate/child-limiting facilities.

Kris

--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7X8lgWry0BWjoQKURAsA0AJ4m988BvwnQWux8VxVXbQYu+NVUogCffM56
IsOVEAEAVlCHmcyihmBuKss=
=OcGy
-----END PGP SIGNATURE-----

--cWoXeonUoKmBZSoM--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message