All this script really is, is the good old octopus from WAY back. It looks like we're seeing a resurfacing of older exploits lately. Probably due to not patching them correctly the first time. Regardless, xinetd is superior to inetd and we should be running that. Many MANY daemons don't like being connected to multiple times. I.e. proftpd called from the inetd will completely choke, as will sshd... as the newly spawned processes kill the available memory.

On Tue, 15 Sep 1998, Chris Conner wrote:

> As far as I can see, all this script does is make a large number of
> connections to a single port. The inetd man pages allow you to put an
> argument after 'wait' or 'nowait' in inetd.conf for any service. (wait.256)
> this allows 256 connections in a minute, compared to the default 40. This
> script will still kill the port when it is set to 256, so maybe someone can
> hack something up to make inetd allow more than 256 connections in under a
> minute?

Hacking it to allow more connections isn't the solution by a long shot. LIMITING the incoming connections from that particular IP (like what xinetd already does) is a much better solution. Otherwise extra memory is needlessly wasted and log files become huge (imagine this going on for a few days).

Old versions of octopus are available from rootshell, so... enjoy, script kiddies, while the rest of us are stuck with fixing this.

Type Bits/KeyID    Date       User ID
pub  1024/D8A02995 1998/08/01 aeonflux

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzXDUqkAAAEEAOk1bNIRtoJfHRooAQ8UrBDVoHdMSCP5bXbY0DjdLCuGFi5T
YU/ZwDuTQGrjXBwnbO7Dnn1A1g0RL/6JAWHE4sKJ1mSPxwBu1mmYNuKyGHPgLrn0
BZAl86QO+tZ4JmnJT8YQwpCaa0S4cYSHQbcbjL07oN0Jqir/Cs/vNOXYoCmVAAUR
tAhhZW9uZmx1eIkAlQMFEDXDUqrP7zTl2KAplQEBX1sEALbpKbxD5YNcnPNPqozf
MLqguIhKRVIKSF27HL8GP+GQLlGWGbqTnyC9xmypZR0FvJT7pls3tXNe4YNU97HW
YMPit5WxcuxOjj1/edfoG/PN5sVLxPpQwVcpAPspUl8Mrl6YdYUANFH7a95NaOFH
Ir7UE/uXHWpucqXn+OWe4wz2
=gfkQ
-----END PGP PUBLIC KEY BLOCK-----
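The trade-off argued in the message above (raising inetd's global per-minute cap with `nowait.N` versus limiting connections per source address, as xinetd does) as an added example that is not part of the original message or of either daemon's code: a small Python model of the two policies run over a constructed connection stream, one flooding host plus one legitimate client. The models are simplifying assumptions, not a reimplementation of inetd or xinetd; in particular, the assumption that inetd switches the service off for ten minutes once the cap is exceeded, and the per-source limit of 10, are parameters chosen here, and the IP addresses and timings are made up.

```python
"""Model of two ways to throttle a connection flood against an inetd-style
service: a global per-minute cap (inetd's `nowait.N` argument) versus a
per-source cap (the behaviour xinetd offers).

Added example for illustration; not code from the original message and not
a reimplementation of either daemon.  The event stream is constructed and
the daemon behaviour is a simplified assumption.
"""
from collections import defaultdict, deque

WINDOW = 60.0  # seconds; inetd's cap is expressed as connections per minute


def global_cap(events, limit=40, window=WINDOW, disable_for=600.0):
    """Global-cap model (assumed behaviour, simplified from inetd): once more
    than `limit` connections arrive within `window` seconds the service is
    switched off for `disable_for` seconds for *everyone*, flooder and
    legitimate clients alike.  Returns a list of (ts, src, accepted)."""
    recent = deque()          # timestamps of accepted connections in window
    disabled_until = -1.0
    out = []
    for ts, src in events:
        if ts < disabled_until:
            out.append((ts, src, False))   # service is off: nobody gets in
            continue
        while recent and ts - recent[0] > window:
            recent.popleft()
        recent.append(ts)
        if len(recent) > limit:
            disabled_until = ts + disable_for   # cap blown: shut the port
            recent.clear()
            out.append((ts, src, False))
        else:
            out.append((ts, src, True))
    return out


def per_source_cap(events, limit=10, window=WINDOW):
    """Per-source model: each source address may have at most `limit`
    connections within `window` seconds; excess from that source is refused
    and other sources are unaffected."""
    recent = defaultdict(deque)   # src -> timestamps of accepted connections
    out = []
    for ts, src in events:
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= limit:
            out.append((ts, src, False))   # only this source is throttled
        else:
            q.append(ts)
            out.append((ts, src, True))
    return out


def build_flood(flooder="10.0.0.66", victim="192.0.2.10", n=300):
    """Constructed event stream: `n` connections from the flooder at 10 per
    second (30 s of flooding), while the legitimate client connects once
    every 10 s for 10 minutes.  Addresses and timings are made up."""
    events = [(i / 10.0, flooder) for i in range(n)]
    events += [(10.0 * k, victim) for k in range(60)]
    return sorted(events)


def accepted_from(decisions, src):
    """Number of connections from `src` that the policy let through."""
    return sum(1 for _, s, ok in decisions if s == src and ok)


if __name__ == "__main__":
    ev = build_flood()
    g = global_cap(ev)
    p = per_source_cap(ev)
    print("global cap  : legit client accepted", accepted_from(g, "192.0.2.10"), "of 60")
    print("per-source  : legit client accepted", accepted_from(p, "192.0.2.10"), "of 60")
```

Under the global cap the flooder exhausts the 40-per-minute budget within the first few seconds and the legitimate client is locked out along with it for the rest of the run; raising the cap to 256 only moves that point a few seconds later. Under the per-source cap the flooder is held to 10 connections and the legitimate client is never refused, which is the point the message makes: the fix is limiting the offending source, not enlarging the global budget.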
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:22 PDT