Bug 9810 - ftp DoS attack
Summary: ftp DoS attack
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: inetd
Version: 6.2
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-02-27 11:20 UTC by Leonid Kanter
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-05-15 11:52:28 UTC
Embargoed:


Attachments (Terms of Use)

Description Leonid Kanter 2000-02-27 11:20:14 UTC
Any script kiddie may stop ftp service on any RedHat-based box using
diewa170.exe from http://neworder.box.sk/showme.php3?id=1465. inetd stop
service with message:

Feb 27 12:48:37 myhost inetd[2548]: ftp/tcp server failing (looping),
service terminated

for 10 minutes. After 10 minutes, the above mentioned script kiddie may use
his tool again and again, so ftp service will not be available for long
time until admin discover it and install firewall rule.

Possible solution may be using xinetd with per_source=5 instead of inetd,
as in TurboLinux. Good reason for bugtraq discussion and errata update,
isn't it?

Comment 1 Jeff Johnson 2000-08-11 17:29:09 UTC
xinted is in Red Hat 7.0, that should help dealing with DoS attacks.


Note You need to log in before you can comment on or make changes to this bug.