Bugtraq mailing list archives

Re: UDP packet handling weird behaviour of various operating systems


From: Lisa Napier <lnapier () cisco com>
Date: Fri, 10 Aug 2001 17:46:43 -0700

Hi Stefan,

Sorry to take so long to reply to this thread. Frankly, our team has been busy with Code Red response activities, and didn't catch the Cisco reference in your original post.

We've set this up in the lab, and don't see the same issues. I've worked on a few UDP flood cases where the target server was definitely having problems, but the IOS gear was just fine; that was what we were using to troubleshoot the problem. Through traffic is what the box is designed to handle.

I'd be interested to review your test configuration and topology; if this is a legitimate problem we'd certainly like to fix it as quickly as possible. Being a vendor, of course we'd really appreciate notification of problems such as this prior to public posting. Additionally, as we simply didn't see the reference to our products in your notification, we're a bit embarrassed by the time lag in our response.

Thanks much,


Lisa Napier
Product Security Incident Response Team
Cisco Systems


At 03:48 PM 7/25/2001, Stefan Laudat wrote:
> Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It
> would be pretty strange, btw, since it simply generates normal UDP packet,
> no black magic, really, and remote system, unless there's comast service
> running, politely responds with 'ICMP destination port unreachable', which
> is translated into 'Connection refused'.

One extra thing I haven't underlined so well in my announcement: Cisco routers
(as well as other ones, maybe) start crawling even when forwarding the flood, not
only when being the target itself. Looks like a UDP handling problem to me :(
I have managed to kill a 7513 Cisco Router with DCEF enabled and loads of
other speed hacks. Try it for yourself :)

--
Stefan Laudat
CCNA,CCAI
Senior Network Engineer
Allianz-Tiriac SA

"Let's call it an accidental feature."
        -- Larry Wall

