Re: 11 years of inetd default insecurity?
On 2003.09.06 18:08:22 +0400, 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> wrote:
> II. Who is vulnerable
>
> Any system shipped with network daemons launched through inetd
> (FreeBSD, SuSE, Red Hat, etc.).
FreeBSD doesn't run anything through inetd by default. You have to
manually edit inetd.conf to enable anything, and there is a warning
screen during the install process about doing so.
Additionally, FreeBSD's stock inetd has the following options:
-c maximum
Specify the default maximum number of simultaneous
invocations of each service; the default is unlimited.
May be overridden on a per-service basis with the
"max-child" parameter.
-C rate
Specify the default maximum number of times a service can
be invoked from a single IP address in one minute; the
default is unlimited. May be overridden on a per-service
basis with the "max-connections-per-ip-per-minute"
parameter.
-R rate
Specify the maximum number of times a service can be
invoked in one minute; the default is 256. A rate of 0
allows an unlimited number of invocations.
-s maximum
Specify the default maximum number of simultaneous
invocations of each service from a single IP address; the
default is unlimited. May be overridden on a per-service
basis with the "max-child-per-ip" parameter.