Bug 9810

Summary: ftp DoS attack
Product: [Retired] Red Hat Linux Reporter: Leonid Kanter <leon>
Component: inetdAssignee: Jeff Johnson <jbj>
Status: CLOSED WORKSFORME QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 6.2CC: bugzilla, yiango
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-05-15 11:52:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Leonid Kanter 2000-02-27 11:20:14 UTC
Any script kiddie may stop ftp service on any RedHat-based box using
diewa170.exe from http://neworder.box.sk/showme.php3?id=1465. inetd stop
service with message:

Feb 27 12:48:37 myhost inetd[2548]: ftp/tcp server failing (looping),
service terminated

for 10 minutes. After 10 minutes, the above mentioned script kiddie may use
his tool again and again, so ftp service will not be available for long
time until admin discover it and install firewall rule.

Possible solution may be using xinetd with per_source=5 instead of inetd,
as in TurboLinux. Good reason for bugtraq discussion and errata update,
isn't it?

Comment 1 Jeff Johnson 2000-08-11 17:29:09 UTC
xinted is in Red Hat 7.0, that should help dealing with DoS attacks.