Bug 78104 - xinetd / ftp DOS attack
xinetd / ftp DOS attack
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: xinetd (Show other bugs)
7.3
i386 Linux
high Severity high
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
Brock Organ
:
Depends On: 77074
Blocks:
  Show dependency treegraph
 
Reported: 2002-11-18 22:12 EST by Stephen Samuel
Modified: 2005-10-31 17:00 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-03 15:24:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Samuel 2002-11-18 22:12:34 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021111

Description of problem:
Opening and then quickly closing multiple sessions to ftp can cause a hang. 
This may be an xinetd problem or a kernel problem

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. start up xinetd with ftp
2. wait for an attack.
3.
	

Actual Results:  a connection to port 21 will result in only 
syn-ack  packets -- as if subsequent incomming packets aren't
even recieved.

Doesn't even respond to a fin-ack or rst packet

Expected Results:  Should respond properly to subsequent packets.

Additional info:

This is related to bug 77074. (more notes and attachments there)

These DOS attacks may be the only way that these lockups are likely to occur, 
or the DOS may be just be exploiting the bug that caused the original lockups.

NB: The machine that locks up is a dual processor box with multiple IP addresses.
(This may or may not have something to do with the problem)

associated RPMs:
ftp-0.17-13
wu-ftpd-2.6.2-5
anonftp-4.0-9
ncftp-3.1.3-3
ftpcopy-0.3.9-1
xinetd-2.3.9-0.73
kernel-bigmem-2.4.18-18.7.x

Note You need to log in before you can comment on or make changes to this bug.