Re: LYNX-DEV Lynx/MSIE denial-of-service

[Jason Baker]

On Mar 11, Larry W. Virden, x2487 wrote:
> > though viewing a file of infinite length. This has caused a modem
> > connection to drop using MSIE, and slowed a Linux system using lynx to a
> > crawl due to exhaustion of memory. Both processes were aborted before any
> > further damage was caused.
> 
> What is a file of 'infinite length'?  That's some disk drive I guess.
> Or is it a broken cgi that just keeps going and going?

As I recall, that's just a service provided by inetd, for testing 
SOMETHING.  It just keeps spewing a stream of characters as fast as 
you want them/can take them.  The stream is internally generated, so
there's no file per se.

That should really be disabled, though, as covered in a CERT advisory
(my notes in inetd.conf don't indicate which one).  People looking
to screw you up would sucker your system into sending chargen output
to echo, and the system would start jabbering at itself as fast as
possible. :(

> In any case, please _don't_ put arbitrary limits into lynx ; I would
> just as soon see no limits put in myself and just have lynx stop when it
> can't go any further.

Well, on a single user system that's OK, but I'd be royally peeved (and
so would the other programmers) if somebody using Lynx encountered a
redirect to http://localhost:19/ and froze the system. :(

Jason

-- 
 address@hidden                         |   PGP key available
 Systems Administrator, Information Systems         |   from MIT keyserver.
 BC Family Maintenance Enforcement Program          |   KeyID: 6DA770E9

      Pride, Envy, Greed, Lust, Wrath, Gluttony, Sloth, Netscapisms

pgpz7ctynxyWC.pgp
Description: PGP signature