lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F5EF185.26987.22C7C6C6@localhost>
Date: Wed, 10 Sep 2003 09:40:21 +0300
From: "Andres Kroonmaa" <andre@...ine.ee>
To: bugtraq@...urityfocus.com
Subject: Re: 11 years of inetd default insecurity?


On 8 Sep 2003, at 12:44, Dan Stromberg <strombrg@....nac.uci.edu> wrote:

> So DJB's program basically has a large listen queue, and goes into
> queue-only mode after 40 concurrent connections?
> 
> If that's the case, then there's still a DOS - just fill the listen
> queue with so much stuff that connections aren't serviced for a long
> time.

 I wonder how many years it takes for people to realise that DOS based on
 service flooding is not something you can be immune to. Does it really
 take one DDOS per person to realise this simple truth? For every single
 method you invent there are 10 other methods to smash your box into nirvana
 anyway.

 Purpose of inetd was never security, nor protection of box from stupid
 applications it is called to start that can consume all resources.
 Inetd fulfills its purpose. If you need more, you need something else.

 If you want security separation, use state-tracking firewall. If you want
 to be immune from DOS, unplug from internet. All else is pointless whining.
 Imagining that inetd should evolve into strong firewall is as bizarre as
 it can get.


------------------------------------
 Andres Kroonmaa <andre@...ine.ee>
 CTO, Microlink Data AS
 Tel: 6501 731, Fax: 6501 725
 Pärnu mnt. 158, Tallinn
 11317 Estonia


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ