Re: Nmap network auditing/exploring tool V. 2.00 released

From: Casper Dik (casperat_private)
Date: Wed Dec 23 1998 - 01:12:57 PST


    >Another nmap-induced denial-of-service is against many machines inetd's
    >when doing a TCP connect() scan (-sT) with the result of killing the inetd
    >process.  I've found that Digital Unix and Irix have been vulnerable to
    >this.  I cannot reliably reproduce the problem[*] and have not tested it
    >against xinetd.
    
    
    The TCP scan seems to be widespread under inetd.
    
    It's caused by the inetd "internal" TCP services; when a connection
    is made and closed before a response can be sent, inetd will die with
    SIGPIPE.
    
    This affects the services that do not fork() prior to running; discard,
    echo and chargen do fork(), I believe, but time and daytime only send a
    single response and fork()ing wasn't deemed necessary.
    
    It does affect Solaris prior to Solaris 7 (where it was fixed before it
    was understood how easy it was to trigger).
    
    Casper
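
The failure mode described in this message, as an added example that is not part of the original post and is not inetd source: a single-write handler is run against a peer that has already closed, once with the default SIGPIPE disposition and once with SIGPIPE ignored. The names `send_daytime` and `run_handler`, the local socketpair standing in for the TCP connection, and the choice of ignoring SIGPIPE as the mitigation are assumptions; the post does not say how any vendor fixed it.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical stand-in for a non-forking "daytime" handler: one write, no fork(). */
static int send_daytime(int fd)
{
    char buf[64];
    time_t now = time(NULL);
    size_t n = strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Y\r\n", localtime(&now));
    if (write(fd, buf, n) < 0)
        return errno;               /* reached only if SIGPIPE did not kill us */
    return 0;
}

/* Runs the handler in a child process whose peer has already closed.
 * ignore_sigpipe == 0: default disposition, the case described in the post.
 * ignore_sigpipe == 1: hardened form, write() fails with EPIPE instead.
 * Returns -signal if the child was killed, else its exit status (errno of write). */
int run_handler(int ignore_sigpipe)
{
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1000;
    close(sv[1]);                   /* constructed input: peer gone before the reply */
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {
        signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
        _exit(send_daytime(sv[0]));
    }
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void)
{
    printf("default SIGPIPE: %d\n", run_handler(0));
    printf("SIGPIPE ignored: %d (EPIPE=%d)\n", run_handler(1), EPIPE);
    return 0;
}
```

With SIGPIPE ignored, the handler sees an ordinary error return it can log and move on from, so the long-lived parent survives a client that disconnects early.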
    


