On Sun, Oct 19, 2003 at 08:39:58PM -0400, Matt Zimmerman wrote:
>
> Yes, I think you are the only one so far who thinks that this is any
> different, in terms of potential harm, from spraying exactly the same
> packets without anything listening on the discard port on the remote host.
Righto, bac
On Sun, Oct 19, 2003 at 01:37:58PM +1000, Andrew Pollock wrote:
> On Sat, Oct 18, 2003 at 09:32:54PM -0400, Matt Zimmerman wrote:
> > Yes, it receives data from the network and throws it away. But I don't see
> > how this figures into your example. If you can give me an scenario where
> > this s
On Sun, Oct 19, 2003 at 01:53:15PM +1000, Andrew Pollock wrote:
> On Sat, Oct 18, 2003 at 01:40:51AM -0400, Matt Zimmerman wrote:
> > On Sat, Oct 18, 2003 at 11:04:31AM +1000, Andrew Pollock wrote:
> >
> > It's pretty trivial with netkit-inetd as well; you edit /etc/inetd.conf and
> > comment out
On Sun, Oct 19, 2003 at 02:57:44PM +1000, Andrew Pollock wrote:
> On Sun, Oct 19, 2003 at 12:13:02PM +0800, Cameron Patrick wrote:
> > Yeah, but you can do that on any given port whether it's open or not. e.g.
> >
> > cat /dev/zero | nc -u victim 12345
> >
> > (nc in UDP mode seems to ignore "ICM
On Sun, Oct 19, 2003 at 12:13:02PM +0800, Cameron Patrick wrote:
>
> Yeah, but you can do that on any given port whether it's open or not. e.g.
>
> cat /dev/zero | nc -u victim 12345
>
> (nc in UDP mode seems to ignore "ICMP port unreachable" packets in my
> testing... if it doesn't you can alw
On Sun, Oct 19, 2003 at 01:37:58PM +1000, Andrew Pollock wrote:
| Hmm, am I the only one that thinks
|
| dd if=/dev/zero | nc victim discard
|
| is a bad thing, in an environment where the victim is paying cents per meg
| for inbound traffic? I'm no so much talking about DoSing anything, but
|
On Sat, Oct 18, 2003 at 01:40:51AM -0400, Matt Zimmerman wrote:
> On Sat, Oct 18, 2003 at 11:04:31AM +1000, Andrew Pollock wrote:
>
> It's pretty trivial with netkit-inetd as well; you edit /etc/inetd.conf and
> comment out what you don't want.
>
Additional packages that wish to register an (x)i
On Sat, Oct 18, 2003 at 09:32:54PM -0400, Matt Zimmerman wrote:
> On Sun, Oct 19, 2003 at 10:48:47AM +1000, Andrew Pollock wrote:
>
> > On Sat, Oct 18, 2003 at 01:40:51AM -0400, Matt Zimmerman wrote:
>
> Yes, it receives data from the network and throws it away. But I don't see
> how this figure
On Sun, Oct 19, 2003 at 10:48:47AM +1000, Andrew Pollock wrote:
> On Sat, Oct 18, 2003 at 01:40:51AM -0400, Matt Zimmerman wrote:
> > On Sat, Oct 18, 2003 at 11:04:31AM +1000, Andrew Pollock wrote:
> > > To cap it off, the discard service seems to be enabled out of the box. So
> > > is daytime. Da
On Sun, Oct 19, 2003 at 10:48:47AM +1000, Andrew Pollock wrote:
> On Sat, Oct 18, 2003 at 01:40:51AM -0400, Matt Zimmerman wrote:
> > I would like to see inetd leave the base system as well, but what problem
> > could you possibly have with the discard service?
>
> Well it's been so long since I'
On Sat, Oct 18, 2003 at 01:40:51AM -0400, Matt Zimmerman wrote:
> On Sat, Oct 18, 2003 at 11:04:31AM +1000, Andrew Pollock wrote:
>
> > To cap it off, the discard service seems to be enabled out of the box. So
> > is daytime. Daytime's not too bad, but discard? I personally believe we
> > should b
Hi!
If you are at it, please also arrange that netbase do not depend
on any network daemons. I guess lot of us want to have /etc/services,
but do not want inetd and portmapper.
Thank you.
2003-10-18, szo keltezéssel Marco d'Itri ezt írta:
> On Oct 18, Andrew Pollock <[EMAIL PROTECTED]> wrote:
>
On Oct 18, Andrew Pollock <[EMAIL PROTECTED]> wrote:
>I've got a bit of spare time up my sleeves at the moment, and would like
>to help make netkit-inetd not part of a base install. What would it take?
Helping to complete the update-inetd rewrite.
If you are really so much interested please sen
On Sat, Oct 18, 2003 at 11:04:31AM +1000, Andrew Pollock wrote:
> To cap it off, the discard service seems to be enabled out of the box. So
> is daytime. Daytime's not too bad, but discard? I personally believe we
> should be shipping sarge such that it installs offering the smallest
> number of n
Hi,
I finally had some time and a new hard drive to get around to trying out a
virgin sarge installation. To my dismay, I found that netkit-inetd is
still going on as part of base.
As a security professional, I think this is a Bad Thing(tm). For all the
woody boxes I deploy in my infrastructure
15 matches
Mail list logo
