[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: potential DoS of tcplogd in package iplogger

Hmmm, this means that running tcplogd is a security hazard...



At 01:25 AM 11/13/99 +0100, Engard Ferenc wrote:
On Fri, 12 Nov 1999, Onno wrote:

>At 09:37 PM 11/11/99 +0100, Ralf Nyren wrote:

>>In package iplogger there is a daemon, tcplogd, which logs incoming
>>tcp-connection attempts to syslog.
>> It seems that this daemon forks a child for every connection discovered and
>>if for example the machine running tcplogd is syn-flooded there will be a
>>lot of tcplogd's forked.

>Do you mean that you didn't -compile- it in the kernel???
>(I'm not sure there is an option or not....)
>Or that you didn't enable it (root# sysctl -w net/ipv4/tcp_syncookies=1) ???

You don't need to get a synflood, anyway. I suspect that even one or
two portscan in a short time will be enough. (I think that that was
the problem with our machine, when it ran 20x tcplogd, and there was
a 74 load average...) :(


 __  @
/  \    _   _                                           Engárd Ferenc
l    | ( \ /  | | (\/)                      mailto:s-fery@kkt.sote.hu
\__/ | |   \_ \_/ I  I                    http://pons.sote.hu/~s-fery

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: