Bugtraq mailing list archives

Re: UDP packet handling weird behaviour of various operating systems


From: Michal Zalewski <lcamtuf () gis net>
Date: Thu, 26 Jul 2001 21:30:01 -0400 (EDT)

On Thu, 26 Jul 2001, Cade Cairns wrote:

> After Stefan made his post to Bugtraq, I performed a few tests on
> machines running Linux 2.2.14 and Linux 2.4.0. I wrote a simple test
> program to send a large number of small messages to an arbitrary
> serviceless port on the target machines. I was able to reproduce the
> problem on a slower (400 MHz) machine running 2.4.0; it virtually
> stopped responding until the flood ended.

Try the same via the loopback device - it should not work. I believe this is
not a Linux kernel UDP handling problem. It might be, as suggested, but
something between hardware and software, instead (like "IRQ congestion"),
and probably should work for everything - TCP, ICMP? Of course I can be
wrong - all I say is that I was not able to reproduce this behavior in my
test network, maybe because it is 10 Mbit, and I can't see any special
reason why a UDP attack should be more successful than any other...

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=

