Bugtraq mailing list archives
Re: pingflood.c
From: pedward () WEBCOM COM (pedward () WEBCOM COM)
Date: Mon, 18 May 1998 12:37:24 -0700
On most machines select returns -1, errno=EINTR on a signal that is handled.
You are correct. To fix the original code I posted, here goes: [note, it will probably take longer than the interval, because of the number of calls involved, but that's your thing] void mysleep(int seconds) { struct timeval tv_now; struct timeval tv_then; struct timeval tv; tv.tv_sec=seconds; tv.tv_usec=0; gettimeofday(&tv_now); tv_then.tv_sec = tv_now.tv_sec + seconds; tv_then.tv_usec = 0; while(select(0,NULL,NULL,NULL,&tv) != 0) { gettimeofday(&tv_now); tv.tv_sec = tv_then.tv_sec - tv_now.tv_sec; tv.tv_usec = tv_then.tv_usec - tv_now.tv_usec; } } There you go. It just shows how such an insignificant little thing can consume a lot of time to solve.
Also the real problem is much more fundamental than all of the ping -f arguments. Consider fork 10 pings while(1) { kill all pings as we get sigcld fork new ones delay (not long) } Another ping -f style attack. Or I could use UDP to send billions of packets - far far simpler.
I concur, UDP is fully user level, and it can be programmed much easier than ICMP.
There is only one serious way to handle this, and it goes beyond the conventional Unix networking. Like any other resource you quota users in packets/bytes per second. Secure network folk would probably like a per user BPF filter that must say Yes to any packet the user attempts to send as well. I don't think anyone is addressing this right now. Alan
--Perry -- Perry Harrington System Software Engineer zelur xuniL () http://www.webcom.com perry.harrington () webcom com Think Blue. /\
Current thread:
- Re: pingflood.c Aggelos P. Varvitsiotis (May 18)
- Re: pingflood.c pedward () WEBCOM COM (May 18)
- Re: pingflood.c Jeffrey Hutzelman (May 18)
- Re: pingflood.c Phil Stracchino (May 18)
- root from file table overflows? Chris Conner (May 19)
- Re: pingflood.c Theo de Raadt (May 18)
- Re: pingflood.c sinster () DARKWATER COM (May 18)
- <Possible follow-ups>
- Re: pingflood.c pedward () WEBCOM COM (May 18)
- Re: pingflood.c Niall Smart (May 18)
- Re: pingflood.c pedward () WEBCOM COM (May 18)