Bugtraq mailing list archives
Re: Reachable addresses on the net (was SYN floods)
From: jared () wolverine hq cic net (Jared Mauch)
Date: Tue, 3 Sep 1996 02:49:43 -0400
Well, all I have to say is that 127.0.0.0 is routed via your lo device. :-) This infromation is misleading. Yes, lots of sites out there are reachable, and if you're looking for a nonexistant host, get on a router that runs full routing, and look at it's routing table, find a space that isn't routed and you're there. If you wanna find a host, find address space which is routed, and start at the top or bottom of a /24, that's where most people number their machines from. - jared Oliver Xymoron graced my mailbox with this long sought knowledge:
The discussion of whether a random address was reachable (someone had claimed about half were) got me thinking.. what percentage of addresses are in fact reachable? Should be easy enough to find out - just write a little Perl script to ping random hosts.. a day and several full file and process tables, and about two hours of actual runtime later: --- ... +160.16.82.221 (151/31246= 0.4833%) 6597s 4.74pings/s +127.232.79.6 (152/31326= 0.4852%) 6614s 4.74pings/s +130.151.41.1 (153/31332= 0.4883%) 6615s 4.74pings/s +127.123.38.41 (154/31477= 0.4892%) 6646s 4.74pings/s +127.164.49.30 (155/31479= 0.4924%) 6646s 4.74pings/s +127.217.192.59 (156/31561= 0.4943%) 6664s 4.74pings/s +127.148.252.233 (157/31576= 0.4972%) 6667s 4.74pings/s +127.120.54.186 (158/31641= 0.4994%) 6680s 4.74pings/s +127.10.92.143 (159/31680= 0.5019%) 6689s 4.74pings/s +127.96.165.69 (160/32091= 0.4986%) 6775s 4.74pings/s +127.153.219.200 (161/32515= 0.4952%) 6864s 4.74pings/s +127.42.59.52 (162/32806= 0.4938%) 6925s 4.74pings/s +127.239.225.13 (163/32869= 0.4959%) 6938s 4.74pings/s +127.142.104.4 (164/33048= 0.4962%) 6976s 4.74pings/s +127.175.215.62 (165/33111= 0.4983%) 6989s 4.74pings/s +140.122.51.171 (166/33568= 0.4945%) 7085s 4.74pings/s +127.253.175.177 (167/33724= 0.4952%) 7118s 4.74pings/s +127.20.8.231 (168/33978= 0.4944%) 7171s 4.74pings/s +127.190.255.36 (169/34368= 0.4917%) 7253s 4.74pings/s +127.119.24.35 (170/35244= 0.4824%) 7437s 4.74pings/s Tried: 35519 Reached: 170 ( 0.4786%) Runtime: 7495 s at 4.74 pings/s Probable reachable sites on the net: 20556446 --- The program forks 50 times (giving a load average of about 0.1 on my machine), and the parent sends a random address to each child to try. When the child pings or times out after 10 seconds, it returns a message to the parent which tabulates it and sends a new address to try. It makes some small effort to keep outgoing pings from piling up on each other as well. Gave me an excuse to try out pipes, select, and signal handling in Perl.. As you can see, the address space is still quite sparse (less than 1 out of every 200 addresses is reachable in my test), with most being inside the 127 net. At least for the purpose of SYN flooding, the assumption that a random address is unreachable is probably safe and probably quite useful. Any local protection has to bear this in mind, and perhaps keep a cache of known good addresses handy. [program code nuked]
Current thread:
- Re: Reachable addresses on the net (was SYN floods) Jared Mauch (Sep 02)
- <Possible follow-ups>
- Re: Reachable addresses on the net (was SYN floods) der Mouse (Sep 03)
- Re: Reachable addresses on the net (was SYN floods) Alan Brown (Sep 05)
- [linux-security] samba 1.9.16p2-2 (RedHat): Damn /tmp security Zygo Blaxell (Sep 10)
- Re: Reachable addresses on the net (was SYN floods) Oliver Xymoron (Sep 03)
- Re: Reachable addresses on the net (was SYN floods) Oliver Xymoron (Sep 03)
- Re: Reachable addresses on the net (was SYN floods) Alan Cox (Sep 04)
- quick and dirty x-protect *Hobbit* (Sep 04)
- Re: Reachable addresses on the net (was SYN floods) Charles M. Hannum (Sep 10)