From: moOd 
To: BUGTRAQ@NETSPACE.ORG
Date: Sun, 30 Nov 1997 14:19:50 +0100
Subject: Linux inetd..

Description:

  I've found that inetd on (*at least*) Debian distribution of LiNUX crashes
  when port 13 (daytime) / port 37 (time) is "half-open scanned"..


  Half-open scanning means that you:

    1) send SYN
    2) if reply is SYN|ACK, send RST  = port is listening
    3) if reply is RST                = port is not listening


  I'm not skilled enough to write the code-piece for you to test this out,
  but most of the new portscanners include this type of scanning method.
  (scantcp 1.32, sirc, etc.)


Quick & dirty workaround:

  Comment out daytime & time services from /etc/inetd.conf and restart inetd.



- -------

  / moOd [@invalid.org]
From aleph1@DFW.NET Tue Dec  9 10:14:11 1997
From: Aleph One 
To: BUGTRAQ@NETSPACE.ORG
Date: Tue, 2 Dec 1997 00:50:26 -0600
Subject: Re: Linux inetd..

On Sun, 30 Nov 1997, moOd wrote:

> Description:
>
>   I've found that inetd on (*at least*) Debian distribution of LiNUX crashes
>   when port 13 (daytime) / port 37 (time) is "half-open scanned"..

The problem is twofold.

First, inetd is dying because it receives a SIGPIPE when it tries to write
to the socket returned by accept since it does not install a signal
handler for it. To fix, install a signal handler for SIGPIPE. I believe the
latest version of NetKit already does this.

Now you may be wondering why a write to the socket returned by
accept() generates a SIGPIPE. This brings us to the second issue. It seems
that at least under Linux 2.0.X accept will return a socket in the
received queue if it is not in the SYN_SENT or SYN_RECV state, even when
it has not gone through the ESTABLISHED state.

By doing a stealth scan on the port the socket goes from the SYN_RECV
state to the CLOSED state. When you try to read from such a socket you
get a SIGPIPE. The semantics of Linux's accept seem to be non-standard. I
wonder what else breaks by not handling SIGPIPE.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
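
Added example, not part of the original messages and not NetKit's code: a C sketch of the SIGPIPE fix discussed above, showing a daytime-style writer dying under the default disposition and surviving with EPIPE once SIGPIPE is ignored. Assumptions: the names send_daytime and serve_dead_peer are hypothetical, SIG_IGN stands in for an installed handler, and a socketpair whose peer end is closed is a constructed stand-in for the connection reset by the scan.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Daytime-style reply: write the current time to fd.
 * Returns 0 on success, otherwise the errno of the failed write. */
static int send_daytime(int fd)
{
    char buf[64];
    time_t now = time(NULL);
    size_t len = strftime(buf, sizeof buf, "%a %b %d %H:%M:%S %Y\r\n",
                          localtime(&now));
    return write(fd, buf, len) < 0 ? errno : 0;
}

/* Fork a child that replies on a socket whose peer has already gone away
 * (constructed stand-in for the connection reset by the scan).
 * Returns 1 if the child was killed by SIGPIPE, 0 if it survived and
 * write() failed with EPIPE, -1 on anything else. */
static int serve_dead_peer(int ignore_sigpipe)
{
    int sv[2], status;
    sigset_t pipe_only;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    close(sv[1]);                       /* peer is gone before we write */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        sigemptyset(&pipe_only);
        sigaddset(&pipe_only, SIGPIPE);
        sigprocmask(SIG_UNBLOCK, &pipe_only, NULL);
        signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
        _exit(send_daytime(sv[0]) == EPIPE ? 0 : 1);
    }
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGPIPE ? 1 : -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("default SIGPIPE: %d, ignored SIGPIPE: %d\n",
           serve_dead_peer(0), serve_dead_peer(1));
    return 0;
}
```

With SIGPIPE ignored, the failed write surfaces as an ordinary error return, so the daemon can close the descriptor and continue serving its other ports.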