13.2
The TCP versions of the echo,
discard, and chargen servers all run as a child
process after being forked by inetd because these
three run until the client terminates the connection. The other two
TCP servers, time and daytime, do not require a
fork because their service is trivial to implement (get
the current time and date, format it, write it, and close the
connection), so these two are handled directly by inetd.
All five UDP services are handled without a fork because
each generates at most a single datagram in response to the client
datagram that triggers the service. These five are therefore
handled directly by inetd.
13.3
This is a well-known denial-of-service attack
([CERT 1996a]). The attacker sends a UDP datagram to the chargen
server (port 19) with a forged source address whose port is 7, the
echo port. The chargen server sends its reply to port 7; the echo
server echoes that reply back to the chargen server, which replies
again, and the loop continues indefinitely, consuming bandwidth and
CPU on both hosts (which may be the same host or two different hosts).
One solution, implemented in FreeBSD, is to
refuse datagrams to any of the internal servers if the source port
of the incoming datagram belongs to any of the internal servers.
Another solution is to disable these internal services, either
through inetd on each host or by filtering them at an organization's
router to the Internet.
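To make the points in 13.2 and 13.3 concrete, here is an added model of inetd's built-in UDP services and of the chargen/echo loop. It is example code written for this page, not code from the book or from any inetd implementation. It assumes two hosts named hostA and hostB, a simulated network queue in place of real sockets, and constant daytime/time replies so that the run is deterministic; the `serve_udp_internal` and `run_network` names are the example's own. Each internal UDP service produces at most one reply per request (the reason no fork is needed), and the FreeBSD-style source-port check breaks the loop on the very first hop while leaving a request from an ordinary client port unaffected.

```python
"""Model of inetd's internal UDP services and the chargen/echo loop.

Added example, not code from the book or from any inetd. Two hosts each run
the five internal UDP services on their well-known ports; a deque stands in
for the network between them.
"""
from collections import deque
from dataclasses import dataclass

ECHO, DISCARD, DAYTIME, CHARGEN, TIME = 7, 9, 13, 19, 37
INTERNAL_UDP_PORTS = {ECHO, DISCARD, DAYTIME, CHARGEN, TIME}

# One 72-character line of printable ASCII, as chargen sends (fixed here).
CHARGEN_LINE = ("".join(chr(33 + i) for i in range(72)) + "\r\n").encode()


@dataclass(frozen=True)
class Datagram:
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int
    payload: bytes


def serve_udp_internal(dgram, reject_internal_source_port):
    """inetd's handling of one datagram addressed to an internal UDP service.

    Returns the single reply datagram, or None. Nothing here needs a fork:
    every service answers with at most one datagram and is then done.
    """
    if dgram.dst_port not in INTERNAL_UDP_PORTS:
        return None  # not an internal service; real inetd would exec a server
    # FreeBSD-style guard: refuse requests whose source port is itself one
    # of the internal services, so two such services can never ping-pong.
    if reject_internal_source_port and dgram.src_port in INTERNAL_UDP_PORTS:
        return None
    if dgram.dst_port == ECHO:
        body = dgram.payload
    elif dgram.dst_port == DISCARD:
        return None
    elif dgram.dst_port == CHARGEN:
        body = CHARGEN_LINE
    elif dgram.dst_port == DAYTIME:
        body = b"Thu Jan  1 00:00:00 1970\r\n"  # constant for determinism
    else:  # TIME: 32-bit seconds since 1900, constant for determinism
        body = (0).to_bytes(4, "big")
    return Datagram(dgram.dst_host, dgram.dst_port,
                    dgram.src_host, dgram.src_port, body)


def run_network(initial, reject_internal_source_port, max_hops=1000):
    """Deliver datagrams until the network is quiet or max_hops is reached.

    Returns the number of datagrams delivered; hitting max_hops means the
    traffic never died down, i.e. the loop is live.
    """
    queue = deque([initial])
    hops = 0
    while queue and hops < max_hops:
        dgram = queue.popleft()
        hops += 1
        reply = serve_udp_internal(dgram, reject_internal_source_port)
        if reply is not None:
            queue.append(reply)
    return hops


def forged_loop_trigger():
    """Attacker's datagram: source forged as hostA's echo port, sent to
    hostB's chargen port (constructed sample input)."""
    return Datagram("hostA", ECHO, "hostB", CHARGEN, b"")


def legit_request():
    """An ordinary client on an ephemeral port asking chargen for a line."""
    return Datagram("client", 40001, "hostB", CHARGEN, b"")


if __name__ == "__main__":
    print("loop, no guard:  ", run_network(forged_loop_trigger(), False))
    print("loop, with guard:", run_network(forged_loop_trigger(), True))
    print("legit, with guard:", run_network(legit_request(), True))
```

Without the guard the forged datagram keeps the two services bouncing one datagram per hop until the cap; with the guard the chargen server drops it on arrival, and a legitimate client still gets exactly one reply (request in, reply out, two deliveries in total).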
13.4
The client's IP address and port are obtained
from the socket address structure filled in by accept.
The reason inetd does not do this for a
UDP socket is that the recvfrom that reads the datagram is
performed by the actual server that is exec'd, not by
inetd itself, so inetd never sees the client's address.
inetd could read the datagram
specifying the MSG_PEEK flag (Section 14.7), just
to obtain the client's IP address and port, while leaving the
datagram in place for the actual server to read.
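The MSG_PEEK technique just described, as an added example that is not code from the book or from inetd. It assumes loopback UDP and TCP sockets on 127.0.0.1 bound to ephemeral ports and a short timeout; the function names `peek_peer`, `datagram_pending`, `demo` and `tcp_peer_via_accept` are the example's own. It shows that a `recvfrom` with `MSG_PEEK` yields the sender's IP address and port without dequeuing the datagram, that a subsequent ordinary `recvfrom` (the exec'd server's read) still gets the same bytes from the same peer, and, for contrast, that for TCP `accept` alone already supplies the peer address.

```python
"""Learning a UDP client's address without consuming its datagram.

Added example, not from the book or from inetd. Uses real sockets on
127.0.0.1 with ephemeral ports so it runs offline.
"""
import select
import socket

BUFSIZE = 65535


def peek_peer(sock):
    """Return (payload, (ip, port)) of the queued datagram, leaving it queued."""
    return sock.recvfrom(BUFSIZE, socket.MSG_PEEK)


def datagram_pending(sock):
    """True if a datagram can be read from sock without blocking."""
    readable, _, _ = select.select([sock], [], [], 0)
    return bool(readable)


def demo():
    """Play inetd (peek) and then the exec'd server (real read) on one socket."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind(("127.0.0.1", 0))
        client.bind(("127.0.0.1", 0))
        server.settimeout(2)
        client.sendto(b"hello inetd", server.getsockname())  # constructed input

        # inetd's step: learn who sent it without consuming it
        peeked, peer = peek_peer(server)
        still_there = datagram_pending(server)

        # the exec'd server's step: the datagram is still in the queue
        data, addr = server.recvfrom(BUFSIZE)
        empty_after = not datagram_pending(server)
        return {
            "peeked": peeked, "peer": peer, "still_there": still_there,
            "data": data, "addr": addr, "empty_after": empty_after,
            "client_addr": client.getsockname(),
        }
    finally:
        server.close()
        client.close()


def tcp_peer_via_accept():
    """For TCP, accept() itself fills in the client's address; no peek needed.
    Returns True if the address accept() reports matches the client socket."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        listener.settimeout(2)
        client.connect(listener.getsockname())
        conn, peer = listener.accept()
        conn.close()
        return peer == client.getsockname()
    finally:
        listener.close()
        client.close()


if __name__ == "__main__":
    result = demo()
    print("peeked from", result["peer"], "->", result["peeked"])
    print("server read from", result["addr"], "->", result["data"])
    print("queue empty after real read:", result["empty_after"])
    print("TCP accept() reports the peer directly:", tcp_peer_via_accept())
```

One caveat for a real inetd: a peek returns the datagram's bytes too, so the peek buffer should be as large as the server's own read buffer if the peer address alone is not all that is needed; for the address, any buffer size will do because the datagram stays queued intact.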