(no) timeout for auth-requests by authprogs/ident

Matthias Urlichs smurf at noris.de
Tue Apr 24 05:45:55 UTC 2001



Hi,

Katsuhiro Kondou:
> In article <20010423211635.A26117 at noris.de>,
> 	fany at noris.de wrote;
> 
> } when querying hosts behind firewalls which deny auth-requests (that is,
> } they don't send reject packets), the authprogs/ident program shipped
> } with INN 2.3.{0,1} simply hangs forever, and thus also nnrpd just hangs;
> } neither can the user really connect, nor does he get any error message.
> 
> Why do you use auth for those clients?

Because we don't know where our clients call in from.

Besides, a hanging nnrpd is a bug no matter how it's caused. A malicious
client might exploit this simply by firewalling off ident requests on
their end and nnrpd'ing until swap fills up, even if we restrict the IP
ranges ident is used from.

-- 
Matthias Urlichs     |     noris network AG     |     http://smurf.noris.de/
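
The failure mode described in this message (a peer that silently drops ident requests) is avoided by bounding both the connect and the read. The following is an added example, not part of the original message and not INN's authprogs/ident code; `ident_query`, `wait_fd`, the `port` parameter and the return codes are hypothetical names chosen for illustration, and the request line follows the RFC 1413 port-pair format.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Wait for fd to become writable (want_write=1) or readable; >0 ready, 0 timeout, <0 error. */
static int wait_fd(int fd, int want_write, int secs) {
    fd_set set;
    struct timeval tv = { secs, 0 };
    FD_ZERO(&set);
    FD_SET(fd, &set);
    return select(fd + 1, want_write ? NULL : &set, want_write ? &set : NULL, NULL, &tv);
}

/* Hypothetical helper (not INN code): 0 = reply stored, -1 = error/refused, -2 = timed out. */
int ident_query(const char *ip, int port, int rport, int lport,
                int secs, char *reply, size_t len) {
    struct sockaddr_in sa;
    char req[32];
    int fd, err = 0, rc = -1;
    socklen_t elen = sizeof err;
    ssize_t n;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);                 /* 113 in production; parameter eases testing */
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    fcntl(fd, F_SETFL, O_NONBLOCK);            /* connect() must not block on dropped SYNs */
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        if (errno != EINPROGRESS) goto out;
        if (wait_fd(fd, 1, secs) <= 0) { rc = -2; goto out; }   /* firewall ate the SYN */
        getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &elen);
        if (err) goto out;                     /* e.g. ECONNREFUSED: fail fast */
    }
    snprintf(req, sizeof req, "%d , %d\r\n", rport, lport);     /* RFC 1413 port pair */
    if (write(fd, req, strlen(req)) < 0) goto out;
    if (wait_fd(fd, 0, secs) <= 0) { rc = -2; goto out; }       /* connected but silent */
    if ((n = read(fd, reply, len - 1)) <= 0) goto out;
    reply[n] = '\0';
    rc = 0;
out:
    close(fd);
    return rc;
}
```

The timeout applies to each phase separately, so the worst case is roughly twice `secs`; a caller treating -2 as "no ident available" can reject or continue instead of leaving the process hanging.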

