Date: Thu, 26 Jul 2001 00:40:17 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Shawn Ramsey <shawn@megadeth.org> Cc: questions@FreeBSD.ORG Subject: Re: telnetd problem? Message-ID: <20010726004017.A42068@xor.obsecurity.org> In-Reply-To: <007701c115a5$7918a550$de48a93f@shawn>; from shawn@megadeth.org on Thu, Jul 26, 2001 at 12:14:43AM -0700 References: <007701c115a5$7918a550$de48a93f@shawn>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Jul 26, 2001 at 12:14:43AM -0700, Shawn Ramsey wrote: > We seem to be getting some port 23 IRC probes or something. This is causing > a bunch of telnetd daemons to start, and they never die. So the number of > telnetd daemons grow until running on of ptys. Short of blocking telnetd > access, is there anything than can be done about this? There are dozens of > telnetd daemons open, and no active port 23 traffic. Why won't they die? There's an exploit which involves sending 16MB of data to the telnetd server. People are probably doing that and it's (predictably) taking a long time to complete. Restrict connections to telnetd or use inetd's rate/child-limiting facilities. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7X8lgWry0BWjoQKURAsA0AJ4m988BvwnQWux8VxVXbQYu+NVUogCffM56 IsOVEAEAVlCHmcyihmBuKss= =OcGy -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010726004017.A42068>