(Fwd) Denial of Service Vulnerability in Nagios

[Karl DeBisschop]

On Mon, 2003-07-21 at 18:54, Ethan Galstad wrote:
> On 21 Jul 2003 at 6:40, Karl DeBisschop wrote:
> 
> > On Mon, 2003-07-21 at 00:59, Ethan Galstad wrote:
> > > Anyone have any comments on this?  NRPE doesn't use much other than 
> > > standard socket functions (listen(), accept(), send(), etc.), so I'm 
> > > not sure what I could do other than tell people to run NRPE under 
> > > inetd/xinetd...
> > 
> > I don't know if people can help without having a copy of the advisory. 
> > 
> > It might be useful to pass on the xinetd idea as a short-term workaround
> > while you/we look further into it. But if you present that as a final
> > solution, it's might to be taken as refusal to take bugs seriously.
> > 
> 
> Hehe - I knew I shouldn't have been trying to send coherent email out 
> at midnight.  I've attached the originally ommitted advisory.  From 
> what I've seen looking around the net, protecting against SYN attacks 
> usually involves mods to one's router or enabling SYN cookies in the 
> kernel. I could be wrong though.  Anyone have any thoughts or 
> comments on this?  

kernel switch or router protects against SYN flood - exhaustion of
resource after 20 or so connections. Where this is says it can be
created by only 2, I think the problem is likely in NRPE :(

I can't claim to be the worlds greatest expert, but I'll check out the
source tonight and see if I can help find anything. (Sounds like GDB
could help find where for people who are setting doen to experiment from
the implementation side, rather than from a code review.

--
Karl



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0