Re: Bug#2133: inetd(8) doesn't say whether/when looping services reenabled
Ian Jackson wrote:
> The manpage inetd(8) describes the `.max' suffix in the inetd.conf:
> The optional ``max'' suffix (separated from
> ``wait'' or ``nowait'' by a dot) specifies the maximum number of server
> instances that may be spawned from inetd within an interval of 60
> seconds. When omitted, ``max'' defaults to 40.
> However, it doesn't say whether disabled services are reenabled
> automatically, and if so when.
> If disabled services are not reenabled automatically after a timeout,
> they should be, IMO. If they are, the timeout should be documented.
The next netbase package uses (a patched version of) the latest FreeBSD
inetd. It doesn't support the ".max" suffix anymore (it uses a global
command line option instead). The behaviour is also documented in the
- service/protocol server failing (looping), service terminated.
The number of requests for the specified service in the past minute
exceeded the limit. The limit exists to prevent a broken program or a
malicious user from swamping the system. This message may occur for several
reasons: 1) there are lots of hosts requesting the service within a short
time period, 2) a 'broken' client program is requesting the service too
frequently, 3) a malicious user is running a program to invoke the
service in a 'denial of service' attack, or 4) the invoked service program
has an error that causes clients to retry quickly. Use the [-R] option,
as described above, to change the rate limit. Once the limit is reached,
the service will be reenabled automatically in 10 minutes.
Peter Tobias EMail:
Fachhochschule Ostfriesland email@example.com
Fachbereich Elektrotechnik und Informatik firstname.lastname@example.org
Constantiaplatz 4, 26723 Emden, Germany
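
The behaviour described in the manpage excerpt above (a per-minute spawn limit, then automatic re-enabling after 10 minutes), modelled in C. This is an added example, not inetd's code and not part of the original message; the struct, the function names, the fixed 60-second counting window and the rule that request limit+1 trips the limiter are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define WINDOW_SECS   60   /* counting interval from the quoted manpage text */
#define REENABLE_SECS 600  /* "reenabled automatically in 10 minutes" */

struct service {           /* hypothetical model state, not inetd's own struct */
    const char *name;
    int  limit, count;     /* max spawns per window; spawns in current window */
    long window_start, disabled_at;
    bool disabled;
};

/* Returns true if a server may be spawned for a request arriving at `now`. */
static bool service_request(struct service *s, long now)
{
    if (s->disabled) {
        if (now - s->disabled_at < REENABLE_SECS)
            return false;              /* still switched off */
        s->disabled = false;           /* retry timeout has passed */
    }
    if (s->count == 0 || now - s->window_start >= WINDOW_SECS) {
        s->window_start = now;         /* start a fresh counting window */
        s->count = 0;
    }
    if (s->count >= s->limit) {        /* assumption: request limit+1 trips it */
        s->disabled = true;
        s->disabled_at = now;
        fprintf(stderr, "%s server failing (looping), service terminated\n", s->name);
        return false;
    }
    s->count++;
    return true;
}

/* Replays n requests spaced `step` seconds apart; returns how many were served. */
static int replay(struct service *s, long start, long step, int n)
{
    int served = 0;
    for (int i = 0; i < n; i++)
        served += service_request(s, start + i * step) ? 1 : 0;
    return served;
}

int main(void)
{
    struct service ftp = { .name = "ftp/tcp", .limit = 40 };  /* constructed */
    printf("burst of 100 at t=0: %d served\n", replay(&ftp, 0, 0, 100));
    printf("served again at t=600s: %d\n", service_request(&ftp, 600));
    return 0;
}
```

Because tripping the limit costs the service ten minutes of availability, the limit is best set from the service's legitimate peak request rate.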