Re: Linux inetd..

From: Aleph One (aleph1at_private)
Date: Mon Dec 01 1997 - 22:50:26 PST


    On Sun, 30 Nov 1997, moOd wrote:
    
    > Description:
    >
    >   I've found that inetd on (*at least*) Debian distribution of LiNUX crashes
    >   when port 13 (daytime) / port 37 (time) is "half-open scanned"..
    
    The problem is twofold.
    
    First, inetd is dying because it receives a SIGPIPE when it tries to write
    to the socket returned by accept since it does not install a signal
    handler for it. To fix, install a signal handler for SIGPIPE. I believe the
    latest version of NetKit already does this.
    
    Now you may be wondering why a write to the socket returned by
    accept() generates a SIGPIPE. This brings us to the second issue. It seems
    that at least under Linux 2.0.X accept will return a socket in the
    received queue if it is not in the SYN_SENT or SYN_RECV state, even when
    it has not gone through the ESTABLISHED state.
    
    By doing a stealth scan on the port the socket goes from the SYN_RECV
    state to the CLOSED state. When you try to read from such a socket you
    get a SIGPIPE. The semantics of Linux's accept seem to be non-standard. I
    wonder what else breaks by not handling SIGPIPE.
    
    Aleph One / aleph1at_private
    http://underground.org/
    KeyID 1024/948FD6B5
    Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:33:59 PDT