> It's easy to make an inetd service unusable on Redhat Linux, by simple
> flooding the port with connections.

It's easy to set it up in inetd.conf to change the time limits if you wish.

> You should add a feature in inetd which limits the number of connections per
> minute based on the source IP addr.
> With this addition we can easily block the attacker, while keeping the services
> enabled for regular users.

You can't do that. Then you have a denial of service attack. I can force you
to remember 2^32 IP addresses who tried to connect. That takes, oh 16Gb
of memory. Whoops bang. 

If you do it by class C then you only need 64Mb for the table worst case
but you now have another problem. A single host can take out a whole class
C so typically one problem on a local network takes out everything on that
network.

There are some alternative schemes. They require tracking the current
number of sessions and maintaining a connections/period limit as well. The
best you can do is increase the bandwidth an attacker needs which also
conveniently reduces the potential dead time.

Take a look at xinetd. It handles some of this better than inetd.

Alan
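The scheme the reply sketches, as an added, stand-alone simulation (not inetd or xinetd code and not part of this thread): a per-source connections/period limit plus a cap on concurrently open sessions, with the tracking table itself bounded by LRU eviction so that a flood cycling through source addresses cannot force the daemon to allocate one entry per possible address. The `prefix_len` knob reproduces the class C trade-off above: keying on /24 shrinks the worst-case table but lets one host use up its whole network's budget. All limits, addresses and the `ConnectionLimiter` API are constructed for the example.

```python
"""Bounded-memory per-source connection limiter (constructed example)."""
from collections import OrderedDict, deque
import ipaddress


def worst_case_table_bytes(prefix_len: int, bytes_per_entry: int = 4) -> int:
    """Memory for one entry per possible source when keying on a /prefix_len.

    prefix_len=32 keys on the full IPv4 address (2^32 entries);
    prefix_len=24 keys on the class C (2^24 entries).
    """
    return (1 << prefix_len) * bytes_per_entry


class ConnectionLimiter:
    """Rate-limit and session-cap connections per source with bounded state."""

    def __init__(self, max_per_period, period, max_sessions_per_source,
                 max_tracked, prefix_len=32):
        self.max_per_period = max_per_period        # connections/period limit
        self.period = period                        # seconds
        self.max_sessions = max_sessions_per_source # concurrent session cap
        self.max_tracked = max_tracked              # hard bound on table size
        self.prefix_len = prefix_len                # 32 = per host, 24 = per class C
        # key -> {"times": deque of recent accept times, "open": session count}
        self.table = OrderedDict()

    def _key(self, addr):
        # Aggregate the source to the configured prefix. With /24 one noisy
        # host consumes the budget of every host on its network.
        net = ipaddress.ip_network(f"{addr}/{self.prefix_len}", strict=False)
        return str(net)

    def _entry(self, key):
        if key in self.table:
            self.table.move_to_end(key)             # mark as recently seen
            return self.table[key]
        if len(self.table) >= self.max_tracked:
            # Evict the least recently seen source. Memory stays bounded; the
            # price is that an attacker cycling through more than max_tracked
            # sources gets fresh budgets, so the limit only raises the
            # bandwidth the flood needs rather than stopping it outright.
            self.table.popitem(last=False)
        entry = {"times": deque(), "open": 0}
        self.table[key] = entry
        return entry

    def accept(self, addr, now):
        """Return True if a new connection from addr at time `now` is served."""
        entry = self._entry(self._key(addr))
        times = entry["times"]
        while times and now - times[0] >= self.period:  # drop stale accepts
            times.popleft()
        if len(times) >= self.max_per_period:
            return False                            # over connections/period
        if entry["open"] >= self.max_sessions:
            return False                            # too many open sessions
        times.append(now)
        entry["open"] += 1
        return True

    def close(self, addr):
        """Record that a previously accepted session from addr has ended."""
        entry = self.table.get(self._key(addr))
        if entry and entry["open"] > 0:
            entry["open"] -= 1

    def tracked(self):
        """Number of sources currently held in the table (never > max_tracked)."""
        return len(self.table)


def flood_and_count(limiter, n_sources, now=0.0):
    """Constructed flood: one connection each from n_sources distinct hosts.

    Returns (accepted, tracked) so the caller can see that the table size is
    capped regardless of how many sources took part.
    """
    accepted = 0
    for i in range(n_sources):
        addr = f"10.{(i >> 16) & 0xff}.{(i >> 8) & 0xff}.{i & 0xff}"
        if limiter.accept(addr, now):
            accepted += 1
    return accepted, limiter.tracked()


if __name__ == "__main__":
    print("full-address table worst case:", worst_case_table_bytes(32), "bytes")
    print("class C table worst case:", worst_case_table_bytes(24), "bytes")
    lim = ConnectionLimiter(max_per_period=3, period=60,
                            max_sessions_per_source=10, max_tracked=100)
    print("flood of 1000 sources -> accepted, tracked:",
          flood_and_count(lim, 1000))
```

The sliding window over accept timestamps is the connections/period limit; the `open` counter is the current-sessions limit the reply mentions. Both are bounded per entry, and the table as a whole is bounded by `max_tracked`, which is the difference between this and the naive "remember every source that ever connected" design.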
