Bugtraq mailing list archives

Re: udp packet storms


From: matt () uts EDU AU (Jas)
Date: Sun, 30 Oct 1994 22:15:21 +1000 (EST)


Pat Myrto wrote this...

"In the previous message, Tim Newsham said..."


There's at least one way to make a UDP packet storm.  Not
very hard to do:

   src address = 255.255.255.255 port 7
   dst address = <some host> port 7

The port will be echoed by the inetd (echo port) back to the
sender (255.255.255.255 port 7).  Each machine with an inetd
that has echo enabled will echo the packet back to the first
machine.  Broadcast addresses need not be used:

  src address = <some host> port 7
  dst address = <some other host> port 7

I imagine the same can be done with talkd packets.  UDP source
addresses are easy to forge.

That's interesting - it amounts to a feedback loop (in electrical
or audio terminology).  Is there a way to interrupt this sort of
thing (short of killing inetd or the involved daemon) or rebooting (a
drastic method of doing the same thing)?

How would one prevent this without disabling the UDP services?
Hack up inetd to check for broadcast src addresses and/or kill source
routing (or at the very least restrict it).


                                        Matt

--

        Matthew Keenan
        Systems Programmer               Information Technology Division
        University of Technology Sydney                        Australia

        www:    http://milliways.itd.uts.edu.au/~matt/
        email:  matt () uts edu au
        phone:  +61 2 330 1390          "Don't murder a man who is about
        fax:    +61 2 330 1999          to commit suicide."
        home:   +61 2 416 5722          -- Machiavelli

GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$
        UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+
        !5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y
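
Added example, not part of the original post or of any inetd source: one way the suggested source-address check could look in C, extended to also refuse a source port of 7 so that the non-broadcast variant quoted above is covered. The names `echo_should_drop` and `mk_src`, the caller-supplied list of local broadcast addresses, and the 192.0.2.x sample addresses are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define ECHO_PORT 7 /* UDP echo port named in the message */

/* Hypothetical check: 1 = do not answer this datagram, 0 = safe to echo.
 * local_bcast: directed-broadcast addresses of our own interfaces
 * (network byte order), supplied by the caller. */
int echo_should_drop(const struct sockaddr_in *src,
                     const in_addr_t *local_bcast, size_t n_bcast)
{
    in_addr_t a = src->sin_addr.s_addr;
    if (a == htonl(INADDR_BROADCAST) || a == htonl(INADDR_ANY))
        return 1;                        /* 255.255.255.255 or 0.0.0.0 */
    if ((ntohl(a) >> 28) == 0xE)
        return 1;                        /* 224.0.0.0/4 multicast */
    for (size_t i = 0; i < n_bcast; i++)
        if (a == local_bcast[i])
            return 1;                    /* subnet broadcast of a local net */
    if (ntohs(src->sin_port) == ECHO_PORT)
        return 1;                        /* reply would land on another echo service */
    return 0;
}

/* Build a source address for the constructed samples below. */
static struct sockaddr_in mk_src(const char *ip, unsigned short port)
{
    struct sockaddr_in s;
    memset(&s, 0, sizeof s);
    s.sin_family = AF_INET;
    s.sin_port = htons(port);
    inet_pton(AF_INET, ip, &s.sin_addr);
    return s;
}

int main(void)
{
    /* Constructed samples (192.0.2.0/24 is a documentation range). */
    in_addr_t bcast = mk_src("192.0.2.255", 0).sin_addr.s_addr;
    struct sockaddr_in t[] = { mk_src("255.255.255.255", 7), mk_src("192.0.2.10", 7),
                               mk_src("192.0.2.255", 40000), mk_src("192.0.2.10", 40000) };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%s:%u -> %s\n", inet_ntoa(t[i].sin_addr), (unsigned)ntohs(t[i].sin_port),
               echo_should_drop(&t[i], &bcast, 1) ? "drop" : "echo");
    return 0;
}
```

The check would run on the address returned by `recvfrom()` before the echo reply is sent; it cannot tell a forged unicast source from a real one, so it only breaks the loop, it does not authenticate the sender.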


