Bug 14687 - Denial of Service attack on 6.2
Summary: Denial of Service attack on 6.2
Status: CLOSED DUPLICATE of bug 14876
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: inetd   
(Show other bugs)
Version: 6.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-07-26 22:09 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-26 22:09:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2000-07-26 22:09:54 UTC
> Hi,
> 
> I may have discovered a bug in Redhat 6.2 (only) which could be used for
> a successful Denial Of Service attack.
> 
> Using the services "time" or "daytime" - which under 6.2 inetd.conf are
> both internal services - you can create a tcp connection that remains in
> the CLOSE_WAIT state. For example:
> 
> nc host.to.be.attacked.com 37
> 
> (telnet can also be used)
> 
> will return a binary value and then hang. Hit ^C and repeat.
> 
> Each one of these will leave a tcp connection in the CLOSE_WAIT state on
> the attacked host and no tcp connection on the attacking host.
> 
> After doing enough of these you can create enough tcp sessions on the
> attacked host so that any further tcp connections are no longer
> possible. This seems to only work on 6.2 and also requires time or
> daytime to be uncommented in /etc/inetd.conf.
> 
> I cannot find an existing patch for this and I thought it serious enough
> to bring to your attention and hopefully have a fast fix created by
> Redhat.
> 
> Thanks
> 
> Jim Palfreyman
> 
> Telstra - Networking Tasmania.
> 
>

Comment 1 Jeff Johnson 2000-08-01 21:34:43 UTC

*** This bug has been marked as a duplicate of 14876 ***


Note You need to log in before you can comment on or make changes to this bug.