Bugtraq mailing list archives
Re: udp packet storms
From: perry () imsi com (Perry E. Metzger)
Date: Mon, 31 Oct 1994 08:44:49 -0500
Wild. It works on SunOS 4.1.3_U1, even though it is explicitly not supposed to. (Incidently, its easier to test this with ping -s broadcastaddr; no need to compile any new code.) This is certainly a bug, and a bad one. You aren't supposed to have to hack every program that uses UDP not to reply on the broadcast address; the need for the sockopt if you want to do a broadcast is supposed to protect you. This is Very Bad News. It means that it is possible to disable remote networks by sending out chernobylgrams to them provided the router shares the defect -- and many firewall routers these days run by people who believe in packet filtering are BSD based and might have this flaw. Could people tell us which operating systems have this defect and which do not? This is an important one to catch before the evil folks get out their packet forgers. Perry Tim Newsham says:
To my knowledge, the broadcast trick will not work -- the "broadcast" will not go out on the ethernet or other broadcast address because the broadcast socket option will not have been selected and the packet will not be broadcast in reply. The echo loop between two hosts might, of course... PerryRun the following program. Try "[name] 255.255.255.255" and "[name] X.X.X.255" (assuming 8 bit subnetting). Notice both will work properly although I did not do a setsockopt with SO_BROADCAST. Tim N. /* echo.c - [name] [ip address] */ #include <sys/types.h> #include <sys/signal.h> #include <sys/socket.h> #include <netinet/in.h> int hosts = 0; im_done() { printf("Done. %d hosts responded\n", hosts); exit(0); } error(str) char *str; { perror(str); exit(1); } main(argc, argv) char **argv; { int s, adlen, val; char *message = "Echo Test", *remote; char buf[128]; struct sockaddr_in ad; if(argc > 1) remote = argv[1]; else remote = "127.0.0.1"; signal(SIGINT, im_done); s = socket(AF_INET, SOCK_DGRAM, 0); if(s < 0) error("socket"); ad.sin_family = AF_INET; ad.sin_addr.s_addr = inet_addr(remote); ad.sin_port = htons(7); if(sendto(s, message, strlen(message), 0, &ad, sizeof(ad)) < 0) error("sendto"); printf("Echo Test. SIGINT to quit.\n"); adlen = sizeof(ad); while(recvfrom(s, buf, 128, 0, &ad, &adlen) > 0) { printf("Reply from %s: %s\n", inet_ntoa(ad.sin_addr), buf); hosts++; } }
Current thread:
- Re: udp packet storms, (continued)
- Re: udp packet storms Darren Reed (Oct 30)
- Re: udp packet storms John Hawkinson (Oct 30)
- Re: udp packet storms Mark A. Fullmer (Oct 30)
- Re: udp packet storms Darren Reed (Oct 30)
- Re: udp packet storms Charles Howes (Oct 30)
- Re: udp packet storms Darren Reed (Oct 30)
- Re: udp packet storms Wietse Venema (Oct 30)
- Re: udp packet storms Jas (Oct 30)
- Re: udp packet storms Perry E. Metzger (Oct 30)
- Re: udp packet storms Tim Newsham (Oct 30)
- Re: udp packet storms Darren Reed (Oct 31)
- Re: udp packet storms Perry E. Metzger (Oct 31)
- Re: udp packet storms anthony baxter (Oct 31)
- Re: udp packet storms Paul 'Shag' Walmsley (Oct 31)
- Re: udp packet storms Darren Reed (Oct 31)
- CPF: 5th USENIX UNIX Security Symposium Frederick M Avolio (Oct 31)
- Re: udp packet storms (more results) Paul 'Shag' Walmsley (Oct 31)