potential DoS of tcplogd in package iplogger

To: debian-security@lists.debian.org
Subject: potential DoS of tcplogd in package iplogger
From: Ralf Nyren <plumbum@linux.nu>
Date: Thu, 11 Nov 1999 21:37:27 +0100
Message-id: <[🔎] 19991111213727.A2024@Iluvatar>


Hi!

I don't if this is already known but I thought it might be worth a notice.

In package iplogger there is a daemon, tcplogd, which logs incoming
tcp-connection attempts to syslog.
 It seems that this daemon forks a child for every connection discovered and
if for example the machine running tcplogd is syn-flooded there will be a
lot of tcplogd's forked.
 The tcplogd processes will die of by time but during the attack the machine
will be more or less inaccessable.


Info: 
iplogger 1.1-4
no syn-cookies support in kernel (2.2.12)

Please Cc any answer to me since I have not subscribed to this list.

/Ralf Nyrén

Reply to:

Follow-Ups:
- Re: potential DoS of tcplogd in package iplogger
  - From: Onno <ebbin200@tech.nhl.nl>

Prev by Date: Re: Basic Security Doc?
Next by Date: bind / named
Previous by thread: Re: Basic Security Doc?
Next by thread: Re: potential DoS of tcplogd in package iplogger
Index(es):
- Date
- Thread