Re[2]: Sendmail DOS
Hello Berend, You're right, it's a good question but: It *is* Sendmail ;-) I will try the features you told me, what do you think of this setting, there is 150 PCs behind a 128k leased line. O RefuseLA=15 O MaxDaemonChildren=30 O ConnectionRateThrottle=2 I wonder if "ConnectionRateThrottle" will just make the client wait or if he will refuse the connection (would be crazy !). Thanks. JF. Thursday, February 22, 2001, 12:42:40 PM, you wrote: BDS> On Thu, 22 Feb 2001 13:27:07 Antti Tolamo wrote: BDS> | At 13:16 22.2.2001, Berend De Schouwer wrote: BDS> | BDS> | | >>event a DoS, from | >>their description, if they are implemented correctly. At least, | >>they'll offer as much protection as inetd can. I've used them | >>before when a mail script when crazy and caused too many | >>connections. | >> | >>Anyway, Debian Potato ships with Exim, not sendmail. | >> BDS> | BDS> | So? BDS> So does Nessus talk to sendmail or Exim? I've had security scanners BDS> scan my OpenBSD ftp server and list wu-ftpd vulnerabilities. BDS> Just checking :) BDS> | Antti BDS> | BDS> | BDS> | -- BDS> | To UNSUBSCRIBE, email to [EMAIL PROTECTED] BDS> | with a subject of "unsubscribe". Trouble? Contact BDS> | [EMAIL PROTECTED] BDS> | BDS> Kind regards, BDS> Berend -- Best regards, Jean-Francoismailto:[EMAIL PROTECTED]
Re: Sendmail DOS
On Thu, 22 Feb 2001 13:27:07 Antti Tolamo wrote: | At 13:16 22.2.2001, Berend De Schouwer wrote: | | | >event a DoS, from | >their description, if they are implemented correctly. At least, | >they'll offer as much protection as inetd can. I've used them | >before when a mail script when crazy and caused too many | >connections. | > | >Anyway, Debian Potato ships with Exim, not sendmail. | > | | So? So does Nessus talk to sendmail or Exim? I've had security scanners scan my OpenBSD ftp server and list wu-ftpd vulnerabilities. Just checking :) | Antti | | | -- | To UNSUBSCRIBE, email to [EMAIL PROTECTED] | with a subject of "unsubscribe". Trouble? Contact | [EMAIL PROTECTED] | Kind regards, Berend -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Berend De Schouwer, +27-11-712-1435, UCS
Re: Sendmail DOS
At 13:16 22.2.2001, Berend De Schouwer wrote: event a DoS, from their description, if they are implemented correctly. At least, they'll offer as much protection as inetd can. I've used them before when a mail script when crazy and caused too many connections. Anyway, Debian Potato ships with Exim, not sendmail. So? Antti
Re: Sendmail DOS
On Thu, 22 Feb 2001 12:59:06 Jean-Francois JOLY wrote: | Hello Everybody, | | I've ran Nessus against some servers and it reports me that | sendmail | is vulnerable to a Syn Flood. I've grabbed utilities to test the | vulnerabilitie and haven't succeed to reproduce the problem. | I've found no information about this vulnerabilitie. | Do you know if this is a true problem or just a false report ? | | In my configuration, Sendmail is run as a standalone daemon. | Should I include it in Xinetd to stop the Problem ? Somehow I don't think its necessary (I could be wrong). Look in /etc/sendmail.cf for: # load average at which we refuse connections O RefuseLA=10 # maximum number of children we allow at one time O MaxDaemonChildren=50 # maximum number of new connections per second O ConnectionRateThrottle=3 Any of the above options should be able to prevent a DoS, from their description, if they are implemented correctly. At least, they'll offer as much protection as inetd can. I've used them before when a mail script when crazy and caused too many connections. Anyway, Debian Potato ships with Exim, not sendmail. | Thanks. | | -- | Best regards, | Jean-Francois mailto:[EMAIL PROTECTED] | | | | -- | To UNSUBSCRIBE, email to [EMAIL PROTECTED] | with a subject of "unsubscribe". Trouble? Contact | [EMAIL PROTECTED] | Kind regards, Berend -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Berend De Schouwer, +27-11-712-1435, UCS
Sendmail DOS
Hello Everybody, I've ran Nessus against some servers and it reports me that sendmail is vulnerable to a Syn Flood. I've grabbed utilities to test the vulnerabilitie and haven't succeed to reproduce the problem. I've found no information about this vulnerabilitie. Do you know if this is a true problem or just a false report ? In my configuration, Sendmail is run as a standalone daemon. Should I include it in Xinetd to stop the Problem ? Thanks. -- Best regards, Jean-Francois mailto:[EMAIL PROTECTED]
Re[2]: Sendmail DOS
Hello Berend, You're right, it's a good question but: It *is* Sendmail ;-) I will try the features you told me, what do you think of this setting, there is 150 PCs behind a 128k leased line. O RefuseLA=15 O MaxDaemonChildren=30 O ConnectionRateThrottle=2 I wonder if "ConnectionRateThrottle" will just make the client wait or if he will refuse the connection (would be crazy !). Thanks. JF. Thursday, February 22, 2001, 12:42:40 PM, you wrote: BDS> On Thu, 22 Feb 2001 13:27:07 Antti Tolamo wrote: BDS> | At 13:16 22.2.2001, Berend De Schouwer wrote: BDS> | BDS> | | >>event a DoS, from | >>their description, if they are implemented correctly. At least, | >>they'll offer as much protection as inetd can. I've used them | >>before when a mail script when crazy and caused too many | >>connections. | >> | >>Anyway, Debian Potato ships with Exim, not sendmail. | >> BDS> | BDS> | So? BDS> So does Nessus talk to sendmail or Exim? I've had security scanners BDS> scan my OpenBSD ftp server and list wu-ftpd vulnerabilities. BDS> Just checking :) BDS> | Antti BDS> | BDS> | BDS> | -- BDS> | To UNSUBSCRIBE, email to [EMAIL PROTECTED] BDS> | with a subject of "unsubscribe". Trouble? Contact BDS> | [EMAIL PROTECTED] BDS> | BDS> Kind regards, BDS> Berend -- Best regards, Jean-Francoismailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail DOS
On Thu, 22 Feb 2001 13:27:07 Antti Tolamo wrote: | At 13:16 22.2.2001, Berend De Schouwer wrote: | | | >event a DoS, from | >their description, if they are implemented correctly. At least, | >they'll offer as much protection as inetd can. I've used them | >before when a mail script when crazy and caused too many | >connections. | > | >Anyway, Debian Potato ships with Exim, not sendmail. | > | | So? So does Nessus talk to sendmail or Exim? I've had security scanners scan my OpenBSD ftp server and list wu-ftpd vulnerabilities. Just checking :) | Antti | | | -- | To UNSUBSCRIBE, email to [EMAIL PROTECTED] | with a subject of "unsubscribe". Trouble? Contact | [EMAIL PROTECTED] | Kind regards, Berend -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Berend De Schouwer, +27-11-712-1435, UCS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail DOS
At 13:16 22.2.2001, Berend De Schouwer wrote: >event a DoS, from >their description, if they are implemented correctly. At least, >they'll offer as much protection as inetd can. I've used them >before when a mail script when crazy and caused too many >connections. > >Anyway, Debian Potato ships with Exim, not sendmail. > So? Antti -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail DOS
On Thu, 22 Feb 2001 12:59:06 Jean-Francois JOLY wrote: | Hello Everybody, | | I've ran Nessus against some servers and it reports me that | sendmail | is vulnerable to a Syn Flood. I've grabbed utilities to test the | vulnerabilitie and haven't succeed to reproduce the problem. | I've found no information about this vulnerabilitie. | Do you know if this is a true problem or just a false report ? | | In my configuration, Sendmail is run as a standalone daemon. | Should I include it in Xinetd to stop the Problem ? Somehow I don't think its necessary (I could be wrong). Look in /etc/sendmail.cf for: # load average at which we refuse connections O RefuseLA=10 # maximum number of children we allow at one time O MaxDaemonChildren=50 # maximum number of new connections per second O ConnectionRateThrottle=3 Any of the above options should be able to prevent a DoS, from their description, if they are implemented correctly. At least, they'll offer as much protection as inetd can. I've used them before when a mail script when crazy and caused too many connections. Anyway, Debian Potato ships with Exim, not sendmail. | Thanks. | | -- | Best regards, | Jean-Francois mailto:[EMAIL PROTECTED] | | | | -- | To UNSUBSCRIBE, email to [EMAIL PROTECTED] | with a subject of "unsubscribe". Trouble? Contact | [EMAIL PROTECTED] | Kind regards, Berend -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Berend De Schouwer, +27-11-712-1435, UCS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Sendmail DOS
Hello Everybody, I've ran Nessus against some servers and it reports me that sendmail is vulnerable to a Syn Flood. I've grabbed utilities to test the vulnerabilitie and haven't succeed to reproduce the problem. I've found no information about this vulnerabilitie. Do you know if this is a true problem or just a false report ? In my configuration, Sendmail is run as a standalone daemon. Should I include it in Xinetd to stop the Problem ? Thanks. -- Best regards, Jean-Francois mailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]