On Sun, 7 Sep 2003, Dagmar d'Surreal wrote:

> I see... So you feel it's better to simply dare an attacker to try to
> invoke three hundred bajillion copies of say, fingerd. How novel. I
> can only hope the majority on the list realize why following your
> suggestion is very bad.

luckily, i think anyone that actually reads the entire man page would
understand that. ;) from FreeBSD's inetd(8),

"
     -c maximum
             Specify the default maximum number of simultaneous invocations
             of each service; the default is unlimited. May be overridden
             on a per-service basis with the "max-child" parameter.

     -C rate
             Specify the default maximum number of times a service can be
             invoked from a single IP address in one minute; the default is
             unlimited. May be overridden on a per-service basis with the
             "max-connections-per-ip-per-minute" parameter.

     -R rate
             Specify the maximum number of times a service can be invoked
             in one minute; the default is 256. A rate of 0 allows an
             unlimited number of invocations.

     -s maximum
             Specify the default maximum number of simultaneous invocations
             of each service from a single IP address; the default is
             unlimited. May be overridden on a per-service basis with the
             "max-child-per-ip" parameter.
"

so there are much better ways to address the problem in modern inetds.
also, OS' i use make installing inetd at all optional. furthermore, many
Linux' i'm familiar with make xinetd the default... so this is anything
but 'default insecurity'.

-mrh

--
From: "Spam Catcher" <spam-catcher@adept.org>
To: spam-catcher@adept.org
Do NOT send email to the address listed above or you will be added to a blacklist!
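
The limits quoted from inetd(8) above, written out as configuration. This is an added example, not part of the original message; the numeric limits are illustrative, and the rc.conf variables, the fingerd path and the service line assume a stock FreeBSD layout.

```conf
# /etc/rc.conf (FreeBSD): daemon-wide defaults passed to inetd.
# Values are illustrative, not taken from the original message.
#   -c 20   at most 20 simultaneous children of each service
#   -C 30   at most 30 invocations per minute from a single IP address
#   -s 4    at most 4 simultaneous children of each service per IP address
#   -R 256  at most 256 invocations of a service per minute (documented default)
inetd_enable="YES"
inetd_flags="-c 20 -C 30 -s 4 -R 256"

# /etc/inetd.conf: per-service overrides live in the wait/nowait field:
#   {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]

# No per-service limits: falls back to the -c/-C/-s defaults, which are
# unlimited when inetd is started without those flags.
#finger stream tcp nowait        nobody /usr/libexec/fingerd fingerd -s

# Limited: 3 simultaneous fingerd children, 10 invocations per IP per minute,
# 1 simultaneous child per IP, whatever the daemon-wide defaults are.
finger  stream tcp nowait/3/10/1 nobody /usr/libexec/fingerd fingerd -s
```

inetd reads inetd.conf again on SIGHUP; changes to inetd_flags need a restart of the daemon.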