lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 Sep 2003 10:17:12 -0700
From: Darren Pilgrim <dmp@...freak.org>
To: 3APA3A <3APA3A@...URITY.NNOV.RU>
Cc: bugtraq@...urityfocus.com
Subject: Re: 11 years of inetd default insecurity?


On 2003.09.06 18:08:22 +0400, 3APA3A <3APA3A@...URITY.NNOV.RU> wrote:
> II. Who is vulnerable
> 
> Any system shipped with network daemons launched through inetd
> (FreeBSD, SuSE, Red Hat, etc.).

FreeBSD doesn't run anything through inetd by default.  You have to
manually edit inetd.conf to enable anything, and there is a warning
screen during the install process about doing so.

Additionally, FreeBSD's stock inetd has the following options:

     -c maximum
             Specify the default maximum number of simultaneous
             invocations of each service; the default is unlimited.
             May be overridden on a per-service basis with the
             "max-child" parameter.

     -C rate
             Specify the default maximum number of times a service can
             be invoked from a single IP address in one minute; the
             default is unlimited.  May be overridden on a per-service
             basis with the "max-connections-per-ip-per-minute"
             parameter.

     -R rate
             Specify the maximum number of times a service can be
             invoked in one minute; the default is 256.  A rate of 0
             allows an unlimited number of invocations.

     -s maximum
             Specify the default maximum number of simultaneous
             invocations of each service from a single IP address; the
             default is unlimited.  May be overridden on a per-service
             basis with the "max-child-per-ip" parameter.


Powered by blists - more mailing lists