Date: Sun, 22 Jun 1997 21:46:04 -0700 (PDT)
From: Jim Shankland <jas@flyingfox.com>
To: danny@panda.hilink.com.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Simple TCP service can hang a system (fwd)
Message-ID: <199706230446.VAA19002@biggusdiskus.flyingfox.com>

Daniel O'Callaghan <danny@panda.hilink.com.au> quotes
Willy TARREAU <tarreau@AEMIAIF.IBP.FR> as follows:

> I've noticed that inetd doesn't check the source port for the request
> to UDP simple services (echo, time, chargen, daytime).
>
> This means it is possible to build a packet which will look like it
> comes from one of these ports, to one of these ports. In this case,
> each UDP response from the simple service will generate a new request
> to the source port and the system or network can be quickly
> overloaded.

Of course, I don't see any reason to make these services available
across administrative boundaries (or zones of trust), anyway. They're
routinely firewalled off anywhere I've been around :-).

Jim Shankland
Flying Fox Computer Systems, Inc.
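
Added example, not part of the original message and not inetd's own code: a C model of the source-port check that the quoted report says is missing, showing how it ends the reply loop. The port list comes from the message; `struct dgram`, `serve` and `count_replies` are hypothetical names, and the datagrams are constructed in memory, nothing is sent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* UDP ports of the simple services named in the message:
 * echo (7), daytime (13), chargen (19), time (37). */
static const uint16_t simple_ports[] = { 7, 13, 19, 37 };

/* Hypothetical datagram model: only the fields the check needs. */
struct dgram { uint16_t src_port, dst_port; };

/* Return 1 if the port belongs to one of the simple services. */
int is_simple_port(uint16_t port)
{
    for (size_t i = 0; i < sizeof simple_ports / sizeof simple_ports[0]; i++)
        if (port == simple_ports[i])
            return 1;
    return 0;
}

/* Model of a simple service handling one request. Fills *out with the
 * reply and returns 1, or returns 0 when no reply is generated. */
int serve(const struct dgram *in, struct dgram *out, int check_source)
{
    if (!is_simple_port(in->dst_port))
        return 0;                   /* nothing listens on that port */
    if (check_source && is_simple_port(in->src_port))
        return 0;                   /* reply would look like a new request: drop */
    out->src_port = in->dst_port;   /* reply returns to the sender's port */
    out->dst_port = in->src_port;
    return 1;
}

/* Pass one datagram back and forth between two hosts that run the same
 * services and count the replies generated, capped at max_rounds. */
int count_replies(uint16_t src, uint16_t dst, int check_source, int max_rounds)
{
    struct dgram cur = { src, dst }, next;
    int n = 0;
    while (n < max_rounds && serve(&cur, &next, check_source)) {
        cur = next;
        n++;
    }
    return n;
}

int main(void)
{   /* Constructed inputs: an ordinary client, then a request "from" chargen. */
    printf("client 40000->7, no check: %d\n", count_replies(40000, 7, 0, 1000));
    printf("19->7, no check: %d\n", count_replies(19, 7, 0, 1000));
    printf("19->7, with check: %d\n", count_replies(19, 7, 1, 1000));
    return 0;
}
```

An ordinary client still gets its single reply with the check enabled; only requests whose source port is itself a simple service are dropped.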