[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 11 years of inetd default insecurity?

To: psz@xxxxxxxxxxxxxxxxx (Paul Szabo)
Subject: Re: 11 years of inetd default insecurity?
From: Lucas Holt <luke@xxxxxxxxxxxxxxxx>
Date: Mon, 8 Sep 2003 16:51:12 -0400

Your cure is worse than the disease: rate limiting allows a DoS against the service, no limit allows a DoS against the whole machine.

Cheers,

Paul Szabo - psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia

Isn't that the point of system administration, to set reasonable values for such things. A balance between a reasonable load and a full DOS attack on the service or machine must be achieved.

I don't see how this feature is bad as long as its used properly. Besides many people run multiple services on a host.. if you set the value to unlimited all services are DOS'd. For instance, I have a system running apache, sendmail, and imapd. imapd is spawned by inetd and therefore could be DOS'd with a limit. By setting a limit though, my apache and sendmail servers stay up. I think this is a no brainer.


Lucas Holt
Luke@xxxxxxxxxxxxxxxx
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein (1879-1955)

References:
- Re: 11 years of inetd default insecurity?
  - From: Paul Szabo

Prev by Date: RE: BAD NEWS: Microsoft Security Bulletin MS03-032
Next by Date: Microsoft security update broken?
Previous by thread: Re[2]: 11 years of inetd default insecurity?
Next by thread: Re: Re[2]: 11 years of inetd default insecurity?
Index(es):
- Date
- Thread