DOS against SuSE's identd

From: Peter Eriksson (peterat_private)
Date: Tue Aug 17 1999 - 01:56:46 PDT


    Hendrik Scholz <hendrikat_private> writes:
    
    >The inetd.conf starts the identd with the options -w -t120 -e.
    >This means that one identd process waits 120 seconds after
    >answering the first request to answer later requests.
    >Let's say we start 100 requests in a short period.
    >Due to the fact that it takes time to answer one request
    >more identd's will be started each eating up about 900kb
    >memory and waiting 120 seconds before terminating.
    >I tested this behaviour on different machines with different
    >hardware (RAM, Swap, NIC).
    >Each machine becomes unusable after some seconds.
    >This bug is in _every_ SuSE Version at least since 4.4.
    >SuSE seems not to be interested in this bug because they
    >did not answer any of my mails.
    
    This bug is probably due to some incompatibility between
    SuSE's inetd daemon's handling of 'stream tcp' & 'wait' servers
    and the way Pidentd expects it to be handled.
    
    The "normal" (as normal as it can be since 'stream tcp wait'
    normally is not a supported configuration) thing that should
    happen is that Inetd should start _one_ Pidentd, which then
    should handle all new requests in sub-processes, which should
    die immediately after the request has been handled. In the Suse
    case it seems (my guess) that Inetd keeps on starting new
    Pidentd's...
    
    Anyway, I nowadays _generally_ recommend people to stay away from
    the "-w" stuff in Pidentd due to the problems with the behaviours
    of various Inetd implementations...
    
    I recommend instead that people get the latest version of Pidentd
    (version 3.0.7 as of this writing) which uses multithreading instead
    of forking subprocesses - this can reduce the load on systems
    significantly.
    
    Pidentd 3.0.7 (and later) can be downloaded from:
    
    	ftp://ftp.lysator.liu.se/pub/ident/servers
    
    Here's the PGP Signature of that file:
    
    
    /Peter (The Pidentd author)
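
An added example, not part of the original message and not Pidentd or SuSE code: a small Python audit that scans inetd.conf text for ident/auth entries using inetd's 'wait' mode or Pidentd's -w option, the combination discussed in this thread. The sample file, server path and user are constructed assumptions; only the options -w -t120 -e come from the quoted report.

```python
IDENT_SERVICES = {"auth", "ident", "113"}  # names/port under which identd is usually listed

# Constructed sample: path and user are assumptions, options are from the thread.
SAMPLE_INETD_CONF = """\
# constructed sample, not a real SuSE file
ftp    stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd
auth   stream  tcp  wait    nobody  /usr/sbin/in.identd  in.identd -w -t120 -e
#auth  stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -e
"""

def parse_timeout(args):
    """Return the value of the -t option (-t120 or -t 120), else None."""
    for i, arg in enumerate(args):
        if arg.startswith("-t"):
            value = arg[2:] or (args[i + 1] if i + 1 < len(args) else "")
            if value.isdigit():
                return int(value)
    return None

def audit_inetd_conf(text):
    """Flag ident entries that rely on inetd 'wait' and/or identd '-w'."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out entry
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        service = fields[0].rsplit(":", 1)[-1]  # tolerate "address:service"
        if service not in IDENT_SERVICES:
            continue
        if fields[1] != "stream" or not fields[2].startswith("tcp"):
            continue
        inetd_wait = fields[3].split(".")[0] == "wait"  # "nowait.400" is nowait
        args = fields[6:]  # argv of the server, program name first
        identd_w = "-w" in args
        if inetd_wait or identd_w:
            findings.append({"line": lineno, "service": service,
                             "inetd_wait": inetd_wait, "identd_w": identd_w,
                             "linger_seconds": parse_timeout(args)})
    return findings

if __name__ == "__main__":
    for finding in audit_inetd_conf(SAMPLE_INETD_CONF):
        print(finding)
```
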
    


