---

DoS against inetd?

A long thread on Bugtraq regarding a method of remotely
disabling a server’s inetd programs has been brought to a
conclusion.

The thread started when a concerned person noticed that if you
can connect and disconnect from a service running out of inetd
(such as telnet, ftp, finger, etc), in time you will disable that
service altogether.

You can try it on your own machine with this command:

    while true ; do (echo "quit" | telnet localhost 21) ; done

Within 30 seconds, it should start logging "Refusing connections", and
your FTP server is down.

To restart it, send a SIGHUP to inetd with `killall -HUP inetd`.

The problem is that you are hitting a builtin connection limit
for inetd. The default is to disable a service if more than 40
instances are started in a 60 second period.

You can increase this limit in the inetd.conf file. For example,
to increase the limit on telnet to 256, change:

    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

to:

    telnet stream tcp nowait.256 root /usr/sbin/tcpd in.telnetd

and it will then require 256 hits in 60 seconds before disabling
the port.
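Because the limit is set per service, it is easy to raise it on telnet and forget ftp or finger. The following script is an added example (not from the thread) that parses an inetd.conf, reads the optional ".N" suffix on the wait/nowait field, and reports which active services still sit at the default of 40; the sample config and the helper names are constructed for illustration.

```python
"""Audit an inetd.conf for per-service connection-rate limits.

inetd disables a service once more than its limit of server instances
have been spawned within 60 seconds. The default limit is 40; a ".N"
suffix on the wait/nowait field (e.g. "nowait.256") raises it to N.
This script reports each active service's effective limit so that the
ones still at the default stand out.
"""
import re

DEFAULT_LIMIT = 40  # inetd's built-in default (instances per 60 s)

# Constructed sample inetd.conf for demonstration, not from a real host.
SAMPLE_CONF = """\
# service  type    proto  flags       user    server         args
ftp        stream  tcp    nowait      root    /usr/sbin/tcpd in.ftpd -l -a
telnet     stream  tcp    nowait.256  root    /usr/sbin/tcpd in.telnetd
finger     stream  tcp    nowait      nobody  /usr/sbin/tcpd in.fingerd
#shell     stream  tcp    nowait      root    /usr/sbin/tcpd in.rshd
tftp       dgram   udp    wait        root    /usr/sbin/tcpd in.tftpd
"""

# Matches "wait", "nowait", or either with a ".N" rate-limit suffix.
FLAGS_RE = re.compile(r"^(wait|nowait)(?:\.(\d+))?$")


def parse_inetd_conf(text):
    """Return a list of (service, flags, limit) for each active line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out service
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service definition
        service, flags = fields[0], fields[3]
        m = FLAGS_RE.match(flags)
        if not m:
            continue  # malformed wait/nowait field
        limit = int(m.group(2)) if m.group(2) else DEFAULT_LIMIT
        entries.append((service, m.group(1), limit))
    return entries


def services_at_default(entries):
    """Names of services that inetd would disable after 40 hits in a minute."""
    return [svc for svc, _, limit in entries if limit == DEFAULT_LIMIT]


if __name__ == "__main__":
    for svc, flags, limit in parse_inetd_conf(SAMPLE_CONF):
        print(f"{svc:8} {flags:7} limit={limit}")
    print("still at default:", services_at_default(parse_inetd_conf(SAMPLE_CONF)))
```

Point it at a real file with `parse_inetd_conf(open("/etc/inetd.conf").read())`; the commented-out `shell` entry is skipped, as inetd itself would skip it.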

If you're very concerned, you can add a cron job that periodically
sends a SIGHUP to inetd, to ensure that you'll always be able to
log in, even if the limit is reached.