Bugtraq mailing list archives
Re: udp packet storms
From: matt () uts EDU AU (Jas)
Date: Sun, 30 Oct 1994 22:15:21 +1000 (EST)
Pat Myrto wrote this...
"In the previous message, Tim Newsham said..."There's at least one way to make a UDP packet storm. Not very hard to do: src address = 255.255.255.255 port 7 dst address = <some host> port 7 the port will be echoed by the inetd (echo port) back to the sender (255.255.255.255 port 7). Each machine with an inetd that has echo enabled will echo the packet back to the first machine. Broadcast addresses need not be used: src address = <some host> port 7 dst address = <some other host> port 7 I imagine the same can be done with talkd packets. UDP source addresses are easy to forge.That's interesting - it amounts to a feedback loop (in electrical or audio terminology). Is there a way to interrupt this sort of thing (short of killing inetd or the involved daemon) or rebooting (a drastic method of doing the same thing)? How would one prevent this without disabling the udp services?
hack up inetd to check for broadcast src addresses and/or kill source routing (or at the very least restrict it). Matt -- Matthew Keenan Systems Programmer Information Technology Division University of Technology Sydney Australia www: http://milliways.itd.uts.edu.au/~matt/ email: matt () uts edu au phone: +61 2 330 1390 "Don't murder a man who is about fax: +61 2 330 1999 to commit suicide." home: +61 2 416 5722 -- Machiavelli GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$ UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+ !5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y
Current thread:
- Re: udp packet storms, (continued)
- Re: udp packet storms Chris Ellwood (Oct 30)
- Re: udp packet storms Peter Wemm (Oct 30)
- Re: udp packet storms Perry E. Metzger (Oct 31)
- Re: udp packet storms Pat Myrto (Oct 29)
- Re: udp packet storms Darren Reed (Oct 30)
- Re: udp packet storms John Hawkinson (Oct 30)
- Re: udp packet storms Mark A. Fullmer (Oct 30)
- Re: udp packet storms Darren Reed (Oct 30)
- Re: udp packet storms Charles Howes (Oct 30)
- Re: udp packet storms Darren Reed (Oct 30)
- Re: udp packet storms Wietse Venema (Oct 30)
- Re: udp packet storms Jas (Oct 30)
- Re: udp packet storms Perry E. Metzger (Oct 30)
- Re: udp packet storms Tim Newsham (Oct 30)
- Re: udp packet storms Darren Reed (Oct 31)
- Re: udp packet storms Perry E. Metzger (Oct 31)
- Re: udp packet storms anthony baxter (Oct 31)
- Re: udp packet storms Paul 'Shag' Walmsley (Oct 31)
- Re: udp packet storms Darren Reed (Oct 31)
- CPF: 5th USENIX UNIX Security Symposium Frederick M Avolio (Oct 31)
- Re: udp packet storms (more results) Paul 'Shag' Walmsley (Oct 31)