
Possible DoS attack with new IPlogger release



Hi.

The new version of IPlogger offers a new feature: when there is a TCP
connection attempt, "user@host" is now logged instead of "host".

However, if strobe is run on localhost, a connection to identd is done
at each connection, and then the auth service is disabled after about
60 connections:

Apr 28 22:10:56 voodoo inetd[121]: auth/tcp server failing (looping), service terminated

After a few minutes (say 15 minutes), inetd restarts the auth service.

This means that identd can be "killed" if a user runs strobe on the server.

As I do not really see how to solve the problem, except by disabling
this feature which is more or less the only difference between version
1.0 and version 1.1, I'd like to know if this problem is considered a
critical one or not. In other words, do I have to package this version
or not?

I have warned the author about this problem, but he seems to consider
it as a minor problem, so I don't expect a new version soon...

Regards,

Hugo

-- 
Hugo Haas         <Hugo.Haas@via.ecp.fr>     <http://www.via.ecp.fr/~hugo/>
PGP2 key id 0x8a5af90d, fingerprint 45AB 8D24 B3E4 C9DD E85C 25C8 DB0B BFA3
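
Added example (not part of the message above, and not IPlogger or inetd code): one way to find in syslog the periods during which inetd's loop protection had shut identd down, so that missing ident lookups can be accounted for. The 15-minute retry default is the approximate figure from the message; the function names, the year argument and every sample line except the first are assumptions made for the demonstration.

```python
import re
from datetime import datetime, timedelta

# inetd's shutdown message in the form quoted in the email above.
LOOP_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"inetd\[\d+\]: (?P<svc>[\w-]+)/(?P<proto>\w+) "
    r"server failing \(looping\), service terminated\s*$"
)

def loop_trips(lines, year):
    """Return (time, host, 'svc/proto') for each inetd loop shutdown."""
    trips = []
    for line in lines:
        m = LOOP_RE.match(line)
        if m:
            # Syslog pads the day with a space and omits the year.
            ts = " ".join(m["ts"].split())
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            trips.append((when, m["host"], f"{m['svc']}/{m['proto']}"))
    return trips

def outage_windows(trips, retry=timedelta(minutes=15)):
    """Group trips per (host, service) into merged [start, end] windows."""
    windows = {}
    for when, host, svc in sorted(trips):
        spans = windows.setdefault((host, svc), [])
        if spans and when <= spans[-1][1]:
            spans[-1][1] = when + retry      # overlapping trip extends it
        else:
            spans.append([when, when + retry])
    return windows

def was_down(windows, host, svc, when):
    """True if `when` falls inside an outage window for host/service."""
    return any(a <= when < b for a, b in windows.get((host, svc), []))

# Constructed sample: line 1 is the message from the email, the rest
# are made up for the demonstration. The year (2000) is also made up.
SAMPLE = [
    "Apr 28 22:10:56 voodoo inetd[121]: auth/tcp server failing (looping), service terminated",
    "Apr 28 22:11:02 voodoo cron[310]: constructed noise line, must not match",
    "Apr 28 22:26:30 voodoo inetd[121]: auth/tcp server failing (looping), service terminated",
    "Apr 29 03:00:00 voodoo inetd[121]: finger/tcp server failing (looping), service terminated",
]

if __name__ == "__main__":
    for key, spans in outage_windows(loop_trips(SAMPLE, 2000)).items():
        print(key, [(a.isoformat(), b.isoformat()) for a, b in spans])
```

Repeated windows for auth/tcp on one host, each starting shortly after the previous one ends, match the pattern described in the message: the service comes back and is tripped again.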

