13.2 | The TCP versions of the echo, discard, and chargen servers all run as a child process after being forked by inetd because these three run until the client terminates the connection. The other two TCP servers, time and daytime, do not require a fork because their service is trivial to implement (get the current time and date, format it, write it, and close the connection), so these two are handled directly by inetd. All five UDP services are handled without a fork because each generates at most a single datagram in response to the client datagram that triggers the service. These five are therefore handled directly by inetd. |
13.3 | This is a well-known denial-of-service attack ([CERT 1996a]). The first datagram from port 7 causes the chargen server to send a datagram back to port 7. The echo server echoes this datagram, which sends another datagram to the chargen server, and the loop continues. One solution, implemented in FreeBSD, is to refuse datagrams to any of the internal servers if the source port of the incoming datagram belongs to any of the internal servers. Another solution is to disable these internal services, either through inetd on each host or at an organization's router to the Internet. |
13.4 | The client's IP address and port are obtained from the socket address structure filled in by accept. inetd does not do this for a UDP socket because the recvfrom that reads the datagram is performed by the actual server that is execed, not by inetd itself. inetd could read the datagram with the MSG_PEEK flag (Section 14.7), just to obtain the client's IP address and port, while leaving the datagram in place for the actual server to read. |
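The source-port check described in 13.3 and the MSG_PEEK read described in 13.4 can be combined in one sketch, shown here as an added example that is not inetd's or FreeBSD's code. The function names and the loopback demo are assumptions made for illustration, as is running the check on a peeked address; the port list is the standard assignment for echo, discard, daytime, chargen and time.

```c
/* Added example (constructed): not inetd's or FreeBSD's source code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* UDP ports of inetd's internal services: echo, discard, daytime, chargen, time. */
static const unsigned short internal_ports[] = { 7, 9, 13, 19, 37 };

/* 1 if the source port belongs to an internal service, so the datagram is refused. */
int from_internal_service(const struct sockaddr_in *src)
{
    for (size_t i = 0; i < sizeof internal_ports / sizeof internal_ports[0]; i++)
        if (ntohs(src->sin_port) == internal_ports[i])
            return 1;
    return 0;
}

/* Learn the sender with MSG_PEEK; the datagram stays queued. 0 on success, -1 on error. */
int peek_sender(int fd, struct sockaddr_in *src)
{
    char byte;
    socklen_t len = sizeof *src;
    return recvfrom(fd, &byte, 1, MSG_PEEK, (struct sockaddr *)src, &len) < 0 ? -1 : 0;
}

/* Loopback demo (hypothetical helper): peek at one datagram, then read it as the
   exec'ed server would. Returns the byte count of the second read, or -1 on any
   socket error. *same_port is set to 1 when the peeked port is the client's port. */
int peek_then_read(int *same_port)
{
    struct sockaddr_in srv = { 0 }, cli, seen;
    socklen_t len = sizeof srv;
    char buf[64];
    int n = -1, s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0);

    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (s >= 0 && c >= 0 &&
        bind(s, (struct sockaddr *)&srv, sizeof srv) == 0 &&
        getsockname(s, (struct sockaddr *)&srv, &len) == 0 &&
        sendto(c, "hello", 5, 0, (struct sockaddr *)&srv, sizeof srv) == 5 &&
        (len = sizeof cli, getsockname(c, (struct sockaddr *)&cli, &len)) == 0 &&
        peek_sender(s, &seen) == 0 && !from_internal_service(&seen)) {
        *same_port = (seen.sin_port == cli.sin_port);
        n = (int)recv(s, buf, sizeof buf, 0);       /* datagram is still queued */
    }
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    return n;
}
```

A one-byte buffer is enough for the peek because only the filled-in socket address is needed; the later read still returns the whole datagram.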