Bug 78104 - xinetd / ftp DOS attack
Summary: xinetd / ftp DOS attack
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xinetd
Version: 7.3
Hardware: i386
OS: Linux
high
high
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On: 77074
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-11-19 03:12 UTC by Stephen Samuel
Modified: 2005-10-31 22:00 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-12-03 20:24:19 UTC
Embargoed:

Attachments (Terms of Use)

Description Stephen Samuel 2002-11-19 03:12:34 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021111

Description of problem:
Opening and then quickly closing multiple sessions to ftp can cause a hang. 
This may be an xinetd problem or a kernel problem

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. start up xinetd with ftp
2. wait for an attack.
3.
	

Actual Results:  a connection to port 21 will result in only 
syn-ack  packets -- as if subsequent incomming packets aren't
even recieved.

Doesn't even respond to a fin-ack or rst packet

Expected Results:  Should respond properly to subsequent packets.

Additional info:

This is related to bug 77074. (more notes and attachments there)

These DOS attacks may be the only way that these lockups are likely to occur, 
or the DOS may be just be exploiting the bug that caused the original lockups.

NB: The machine that locks up is a dual processor box with multiple IP addresses.
(This may or may not have something to do with the problem)

associated RPMs:
ftp-0.17-13
wu-ftpd-2.6.2-5
anonftp-4.0-9
ncftp-3.1.3-3
ftpcopy-0.3.9-1
xinetd-2.3.9-0.73
kernel-bigmem-2.4.18-18.7.x
Note You need to log in before you can comment on or make changes to this bug.