<<< Date Index >>>     <<< Thread Index >>>

Re: 11 years of inetd default insecurity?



On 2003.09.06 18:08:22 +0400, 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> wrote:
> II. Who is vulnerable
> 
> Any system shipped with network daemons launched through inetd
> (FreeBSD, SuSE, Red Hat, etc.).

FreeBSD doesn't run anything through inetd by default.  You have to
manually edit inetd.conf to enable anything, and there is a warning
screen during the install process about doing so.

Additionally, FreeBSD's stock inetd has the following options:

     -c maximum
             Specify the default maximum number of simultaneous
             invocations of each service; the default is unlimited.
             May be overridden on a per-service basis with the
             "max-child" parameter.

     -C rate
             Specify the default maximum number of times a service can
             be invoked from a single IP address in one minute; the
             default is unlimited.  May be overridden on a per-service
             basis with the "max-connections-per-ip-per-minute"
             parameter.

     -R rate
             Specify the maximum number of times a service can be
             invoked in one minute; the default is 256.  A rate of 0
             allows an unlimited number of invocations.

     -s maximum
             Specify the default maximum number of simultaneous
             invocations of each service from a single IP address; the
             default is unlimited.  May be overridden on a per-service
             basis with the "max-child-per-ip" parameter.