> On 21 Jul 2003 at 6:40, Karl DeBisschop wrote:
>
> > On Mon, 2003-07-21 at 00:59, Ethan Galstad wrote:
> > > Anyone have any comments on this? NRPE doesn't use much other than
> > > standard socket functions (listen(), accept(), send(), etc.), so I'm
> > > not sure what I could do other than tell people to run NRPE under
> > > inetd/xinetd...
> >
> > I don't know if people can help without having a copy of the advisory.
> >
> > It might be useful to pass on the xinetd idea as a short-term workaround
> > while you/we look further into it. But if you present that as a final
> > solution, it's might to be taken as refusal to take bugs seriously.
> >
>
> Hehe - I knew I shouldn't have been trying to send coherent email out
> at midnight. I've attached the originally ommitted advisory. From
> what I've seen looking around the net, protecting against SYN attacks
> usually involves mods to one's router or enabling SYN cookies in the
> kernel. I could be wrong though. Anyone have any thoughts or
> comments on this?
kernel switch or router protects against SYN flood - exhaustion of
resource after 20 or so connections. Where this is says it can be
created by only 2, I think the problem is likely in NRPE
I can't claim to be the worlds greatest expert, but I'll check out the
source tonight and see if I can help find anything. (Sounds like GDB
could help find where for people who are setting doen to experiment from
the implementation side, rather than from a code review.
--
Karl
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]