Linux Today: Linux News On Internet Time.

DoS against inetd?

Sep 12, 1999, 15:21
(Other stories by Dave Whitinger)

A long thread on Bugtraq regarding a method of remotely disabling a server's inetd programs has been brought to a conclusion.

The thread started when a concerned reader noticed that if you repeatedly connect to and disconnect from a service run from inetd (such as telnet, ftp, finger, etc.), you will eventually disable that service altogether.

You can try it on your own machine with this command:

while true ; do (echo "quit" | telnet localhost 21) ; done

Within 30 seconds, telnet should start reporting "Refusing connections", and your FTP server is down.

To restart it, send inetd a SIGHUP with `killall -HUP inetd`.

The problem is that you are hitting a built-in connection-rate limit in inetd. The default is to disable a service if more than 40 instances of it are started in a 60-second period.

You can raise this limit per service in inetd.conf by appending ".N" to the wait/nowait field. For example, to raise the limit on telnet to 256, change:

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

to:

telnet stream tcp nowait.256 root /usr/sbin/tcpd in.telnetd

and inetd will then require 256 hits in 60 seconds before disabling the port.
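As an added example (not from the Bugtraq thread or the inetd sources), the script below audits an inetd.conf for exactly this setting: it reads the wait/nowait field of every enabled line, reports the effective per-minute limit for each service, and lists the ones still sitting at the default of 40. The config text it parses is a constructed sample; point `inetd_limits` at `cat /etc/inetd.conf` output to check a real host.

```shell
#!/bin/sh
# Added example: report the connection-rate limit inetd applies to each
# enabled service. A wait/nowait field without a ".N" suffix gets the
# default (40 starts per 60 seconds, as described in the article).

# Constructed sample inetd.conf; not a real configuration.
INETD_CONF_SAMPLE='# constructed sample inetd.conf
ftp     stream  tcp     nowait     root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait.256 root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait     nobody  /usr/sbin/tcpd  in.fingerd
tftp    dgram   udp     wait       root    /usr/sbin/tcpd  in.tftpd
'

# inetd_limits CONFIG_TEXT DEFAULT_LIMIT
# Prints "service limit" for every enabled (non-comment, non-blank) line.
inetd_limits() {
    printf '%s\n' "$1" | awk -v dflt="$2" '
        /^[[:space:]]*#/ { next }          # comment line
        NF == 0          { next }          # blank line
        {
            limit = dflt
            n = split($4, f, ".")          # field 4 is wait/nowait[.max]
            if (n == 2 && f[2] ~ /^[0-9]+$/) limit = f[2]
            print $1, limit
        }'
}

# at_default_limit CONFIG_TEXT DEFAULT_LIMIT
# Lists services still at the default; these are the ones the loop in the
# article can disable in under a minute.
at_default_limit() {
    inetd_limits "$1" "$2" | awk -v dflt="$2" '$2 == dflt { print $1 }'
}

echo "Effective limits (starts per 60 s):"
inetd_limits "$INETD_CONF_SAMPLE" 40
echo "Still at the default limit:"
at_default_limit "$INETD_CONF_SAMPLE" 40
```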

If you're very concerned, you can add a cron job that periodically sends inetd a SIGHUP, which re-enables any disabled services and ensures you'll always be able to log in, even if the limit is reached.