
Re: Advice on inetd Denial of Service Bug



On Thu, Mar 30, 2000 at 02:35:43PM +1000, Herbert Xu wrote:
> As to the dependency on fuser, hmm, now what's that thing called netstat(1)
> which happens to be in your package and also happens to have a flag called
> -p? :)

*blush*

On the upside, netstat also distinguishes between listening and accepting
sockets, unlike fuser (afaict). On the downside, it doesn't have a nice
`query' command line. Oh well:

sed -n 's/[[:space:]]/ /g;s/  */ /g;/^ *[^#]/p' /etc/inetd.conf | 
	cut -d" " -f1,3,4 | 
	while read a b c; do 
		if [ "$c" = "wait" ]; then 
			continue; 
		fi; 
		X=`grep "[0-9]*/$b" /etc/services | 
			sed 's/^/^/;s/$/$/' | 
			grep "[^a-z0-9]$a[^a-z0-9]" | 
			sed 's/[[:space:]]/ /g;s/  */ /g' | 
			cut -d\  -f2 | 
			sed 's,/.*$,,'`; 
		if [ "$X" ]; then 
			echo $X $b; 
		else 
			echo $a $b; 
		fi; 
	done | 
	while read a b; do 
		sudo netstat -n -lp -t -u | 
			sed 's/LISTEN//;s/[[:space:]]/ /g;s/  */ /g' | 
			cut -d\  -f1,4,6  | 
			sed -n 's,^\([^ ]*\) \([^ :]*\):\([0-9]*\) \([0-9]*\)/\(.*\)$,\3 \1 \4,p'  | 
			sed -n "s/^$a $b //p"; 
	done 2>/dev/null | 
	sort | 
	uniq | 
	xargs ps u

...seems to work.

Yeesh.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
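
The lookup done by the pipeline in the mail above, written as one awk program so it can be tried against sample data. This is an added example, not part of the original message; the function name `inetd_listener_pids` and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Reads `netstat -n -lp -t -u` output on stdin and prints the PIDs that are
# listening on the ports of the nowait services in an inetd.conf.
inetd_listener_pids() {   # usage: inetd_listener_pids INETD_CONF SERVICES
    awk '
    FILENAME == ARGV[1] {                 # services: "name port/proto aliases"
        sub(/#.*/, ""); if (NF < 2) next
        split($2, pp, "/")
        for (i = 1; i <= NF; i++) if (i != 2) num[$i "/" pp[2]] = pp[1]
        next
    }
    FILENAME == ARGV[2] {                 # inetd.conf
        if ($0 ~ /^[ \t]*#/ || NF < 6 || $4 == "wait") next   # as in the mail
        key = $1 "/" $3
        p = (key in num) ? num[key] : $1  # numeric service names pass through
        want[p " " $3] = 1
        next
    }
    $1 ~ /^(tcp|udp)/ {                   # netstat rows from stdin
        port = $4; sub(/.*:/, "", port)   # 0.0.0.0:23 -> 23
        owner = ($6 == "LISTEN") ? $7 : $6   # udp rows have an empty State column
        split(owner, o, "/")
        k = port " " $1
        if (o[1] ~ /^[0-9]+$/ && (k in want)) print o[1]
    }' "$2" "$1" - | sort -un
}

demo() {   # constructed sample data, so the function can be tried offline
    d=$(mktemp -d)
    printf '%s\n' 'telnet 23/tcp' 'tftp 69/udp' 'smtp 25/tcp mail' > "$d/services"
    printf '%s\n' '# comment' \
        'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
        'tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd' \
        'mail stream tcp nowait root /usr/sbin/tcpd smtpd' > "$d/inetd.conf"
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name' \
        'tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 412/inetd' \
        'tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 977/otherd' \
        'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd' \
        'udp 0 0 0.0.0.0:69 0.0.0.0:* 412/inetd' |
        inetd_listener_pids "$d/inetd.conf" "$d/services"
    rm -rf "$d"
}
demo
```

On a live system the equivalent call is `sudo netstat -n -lp -t -u | inetd_listener_pids /etc/inetd.conf /etc/services | xargs ps u`.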
