Date: Fri, 23 Jul 1999 15:00:30 +0200
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, Brian Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c inetd.h
Message-ID: <19990723150030.A10047@internal>
In-Reply-To: <xzpr9lzbrno.fsf@flood.ping.uio.no>; from Dag-Erling Smorgrav on Fri, Jul 23, 1999 at 12:13:15PM +0200
References: <199907222111.OAA65792@freefall.freebsd.org> <19990723112812.A3847@internal> <xzpr9lzbrno.fsf@flood.ping.uio.no>

On Fri, 23-Jul-1999 at 12:13:15 +0200, Dag-Erling Smorgrav wrote:
> Andre Albsmeier <andre.albsmeier@mchp.siemens.de> writes:
> > While you are so busy with inetd the last time (thanks, btw)
> > I observed some kind of denial of service on -STABLE: I was
> > playing with the new nmap and did a 'nmap -sU printfix'.
>
> For those not familiar with nmap, this is a UDP scan:
>
>   -sU    UDP scans: This method is used to determine which
>          UDP (User Datagram Protocol, RFC 768) ports are
>          open on a host. The technique is to send 0 byte
>          udp packets to each port on the target machine. If
>          we receive an ICMP port unreachable message, then
>          the port is closed. Otherwise we assume it is
>          open.

Yes, I knew. I think, I didn't describe the problem clearly so
I will try again :-)

1. I run 'nmap -sU printfix' on the 192.168.17.100 machine.
2. After nmap has finished it shows me the open ports.
3. We wait, e.g. 1 minute
4. inetd, which runs with -l, continues logging to syslogd and
   never stops.

Here is a top snapshot taken one minute later:

last pid: 4040; load averages: 0.96, 0.56, 0.29   up 0+06:19:27 14:56:00
36 processes: 2 running, 34 sleeping
CPU states: 54.3% user, 0.0% nice, 41.9% system, 3.9% interrupt, 0.0% idle
Mem: 8500K Active, 37M Inact, 12M Wired, 3428K Cache, 7592K Buf, 532K Free
Swap: 49M Total, 49M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 3748 root      58    0  956K   704K RUN      0:20 44.97% 44.97% inetd
  122 root       2    0  848K   576K select   3:10 36.47% 36.47% syslogd
  127 root       2    0 1588K  1228K select   0:05  0.00%  0.00% named
  200 root       2    0  876K   524K select   0:02  0.00%  0.00% lpd
  132 root       2  -52 1236K   732K select   0:02  0.00%  0.00% xntpd

In case we start inetd without -l, it doesn't log to syslogd anymore
and therefore consumes all the CPU for itself:

last pid: 4397; load averages: 1.59, 1.10, 0.55   up 0+06:22:14 14:58:47
111 processes: 2 running, 109 sleeping
CPU states: 61.2% user, 0.0% nice, 38.0% system, 0.8% interrupt, 0.0% idle
Mem: 10M Active, 30M Inact, 14M Wired, 3776K Cache, 7592K Buf, 3688K Free
Swap: 49M Total, 49M Free

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
 4043 root     104    0  956K   740K RUN      1:33 97.66% 97.61% inetd
  122 root       2    0  848K   576K select   3:16  0.00%  0.00% syslogd
  127 root       2    0 1588K  1228K select   0:05  0.00%  0.00% named

Remember that nmap has finished already a long time ago. I think,
inetd is stuck in some loop which can be terminated only by
killing and restarting it.

	-Andre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message