Date: Sun, 20 Dec 1998 06:58:01 -0800
From: "Joseph T. Lee" <nugundam@la.best.com>
To: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
Message-ID: <19981220065801.A16429@la.best.com>
In-Reply-To: <3.0.32.19981219170558.0080a8c0@www.dlc.cybertime.ch>; from Rico Pajarola on Sat, Dec 19, 1998 at 05:10:36PM +0100
References: <3.0.32.19981219170558.0080a8c0@www.dlc.cybertime.ch>

On Sat, Dec 19, 1998 at 05:10:36PM +0100, Rico Pajarola wrote:
> portscanning with nmap results in inetd crashing/hanging on FBSD 2.2.6
> which makes an excellent DoS attack. Portmap is also affected, inetd hangs
> initializing rpc/udp services when you HUP it, making it somewhat more
> complicated to recover, as you'll have to restart all rpc services (in the
> correct order). It is not always reproducible (sometimes you need to try
> several times with different flags to nmap). I couldn't crash inetd on
> FBSD-Current (May 28 1998) so I guess it has been fixed. Are there any
> known issues I missed? Other OSes are vulnerable as well (still testing).

If I strobe my FreeBSD 3.0-current system, it gets to the point where it
looks like a DoS attack:

Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps
Dec 20 06:51:44 greenwood3 identd[32580]: warning: can't get client address: Socket is not connected
Dec 20 06:51:44 greenwood3 /kernel: icmp-response bandwidth limit 295/100 pps
Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in f0100000-0xFFC00000) - ofile
Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
Dec 20 06:51:45 greenwood3 /kernel: icmp-response bandwidth limit 219/100 pps
Dec 20 06:51:46 greenwood3 /kernel: icmp-response bandwidth limit 322/100 pps
Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 /kernel: file: table is full

Then the rest of the log lines are the file table being full, utmp problems,
and bouncing off Matt's icmp-response limits.. :)

Of course all the packets were going so fast because it was going through
lo0, but it could be just as well flooded from an external interface.

Killed the compile of wine I was working on also..

-- 
Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
# Anime Expo 1998 >> www.anime-expo.org/ >
# Redline Games >> www.redlinegames.com/ >
# Cal-Animage Epsilon >> www.best.com/~nugundam/epsilon/ >
# EX: The Online World of Anime & Manga >> www.ex.org/ /
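
The log pattern in the message above (kernel ICMP rate limiting followed seconds later by a full file table) can be picked out of syslog automatically. The following is an added example, not part of the original message: the function name, field names, the 10-second window and the assumed year are illustrative choices, and the sample input is a subset of the log lines quoted above.

```python
import re
from datetime import datetime

# Subset of the log lines quoted in the message above (syslog omits the year; 1998 assumed).
SAMPLE_LOG = """\
Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps
Dec 20 06:51:44 greenwood3 identd[32580]: warning: can't get client address: Socket is not connected
Dec 20 06:51:44 greenwood3 /kernel: icmp-response bandwidth limit 295/100 pps
Dec 20 06:51:45 greenwood3 /kernel: icmp-response bandwidth limit 219/100 pps
Dec 20 06:51:46 greenwood3 /kernel: icmp-response bandwidth limit 322/100 pps
Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 /kernel: file: table is full
"""

# timestamp, host, program, optional [pid], message
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
# First number: response rate the kernel wanted to send; second: configured limit.
ICMP_RE = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")
EXHAUST_RE = re.compile(r"file: table is full|Too many open files in system")

def analyze(log_text, window_s=10, year=1998):
    """Per host: ICMP rate-limit peak and the file-table exhaustion that follows it."""
    hosts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a syslog-formatted line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        h = hosts.setdefault(m.group(2), {"peak_pps": 0, "limit_pps": None,
            "first_limit": None, "first_exhaustion": None, "exhaustion_events": 0})
        msg = m.group(4)
        icmp = ICMP_RE.search(msg)
        if icmp:
            h["peak_pps"] = max(h["peak_pps"], int(icmp.group(1)))
            h["limit_pps"] = int(icmp.group(2))
            h["first_limit"] = h["first_limit"] or ts
        elif EXHAUST_RE.search(msg):
            h["exhaustion_events"] += 1
            h["first_exhaustion"] = h["first_exhaustion"] or ts
    for h in hosts.values():
        a, b = h["first_limit"], h["first_exhaustion"]
        h["seconds_to_exhaustion"] = int((b - a).total_seconds()) if a and b else None
        # Flag hosts where exhaustion follows the first rate-limit hit within the window.
        h["correlated"] = (h["seconds_to_exhaustion"] is not None
                           and 0 <= h["seconds_to_exhaustion"] <= window_s)
    return hosts

if __name__ == "__main__":
    for host, summary in analyze(SAMPLE_LOG).items():
        print(host, summary)
```
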