Vulnerability Development mailing list archives

Re: ping flooding as normal user


From: Cam <canasta () ONE NET AU>
Date: Tue, 15 Aug 2000 18:35:08 +1000

While the topic is on ping, has anyone tried the -s along with the -l
option? The -l option is to send a preloaded no. of packets. Remember the
'ping of death'?

IP packets as per RFC-791 can be up to 65,535 (2^16-1) octets long, which
includes the header length (typically 20 octets if no IP options are
specified). Packets that are bigger than the maximum size the underlying
layer can handle (the MTU) are fragmented into smaller packets, which are
then reassembled by the receiver.

ping -l 65510 the.host.ip.address

Try ping -l 65510 -s 65510 the.host.ip.address

The default -s option is 56, which is 64 ICMP data bytes when combined
with its 8 bytes of ICMP header. Amazingly, a lot of systems can still
fall over via the 'ping of death' treatment.  If you are being hit, turn
off your ping ECHOs. (c:

Cam


Slawek wrote:

On Mon, 14 Aug 2000, Slawek wrote:
-s parameter of ping command has no upper limit for normal users.
This allows normal users to send for example 1 * 60000 bytes of ICMP data
per second (from one copy of ping invoked)

Mon, August 14, 2000 8:32 PM +0200, Glen Rosenblatt wrote:
the problem is you aren't flooding, you are just sending the data, also
there is no use for normal users to have access to ping, chmod 700 ping,
and you are all set

Yes, right .. but my problem is not I'm used for DoSing somebody else .. my
problem is I'm being DoSed ..

ping needs to be suid root (if it weren't chmoding to 700 would do nothing -
normal user could compile his own copy) and deleting the suid bit is
enough. Some systems have ping without suid bit set, although it's not the
default configuration in most Unix/Linux distros ..

I really think ping should be installed without suid bit in *default*
configurations.

It's not .. and I'm DoSed :(

Bye,
Slawek
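
The size limit discussed in this thread, as an added example that is not part of the original messages: a receiver-side or IDS-side check that flags an IPv4 fragment whose offset plus length would reassemble past the 65,535-octet maximum. The function names, the sample headers and the documentation addresses are assumptions constructed for illustration.

```python
import socket
import struct

MAX_IP_DATAGRAM = 65535  # RFC 791: Total Length is a 16-bit field


def fragment_extent(packet: bytes):
    """Return (header_len, offset_bytes, payload_len, more_fragments)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header/total length")
    offset_bytes = (flags_frag & 0x1FFF) * 8   # offset field counts 8-octet units
    more_fragments = bool(flags_frag & 0x2000)
    return header_len, offset_bytes, total_len - header_len, more_fragments


def exceeds_max_datagram(packet: bytes) -> bool:
    """True if this fragment ends past the largest datagram reassembly may produce."""
    header_len, offset_bytes, payload_len, _mf = fragment_extent(packet)
    return header_len + offset_bytes + payload_len > MAX_IP_DATAGRAM


def build_header(total_len: int, offset_units: int, more: bool) -> bytes:
    """Constructed sample input: 20-byte IPv4/ICMP header, checksum left at zero."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.2"))


# Constructed headers (documentation addresses, no payload bytes needed).
SAMPLES = {
    "default ping, unfragmented": build_header(84, 0, False),
    "last fragment ending at 65535": build_header(20 + 1475, 8005, False),
    "last fragment ending at 65538": build_header(20 + 398, 8140, False),
}

if __name__ == "__main__":
    for label, hdr in SAMPLES.items():
        verdict = "REJECT" if exceeds_max_datagram(hdr) else "ok"
        print(f"{label:32s} {verdict}")
```

The check looks only at the header fields, so a filter can drop the offending fragment before any reassembly buffer is touched.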

