Pat Myrto wrote this...
> > "In the previous message, Tim Newsham said..."
> >
> > There's at least one way to make a UDP packet storm.  Not
> > very hard to do:
> >
> >     src address = 255.255.255.255 port 7
> >     dst address = <some host> port 7
> >
> > the port will be echoed by the inetd (echo port) back to the
> > sender (255.255.255.255 port 7).  Each machine with an inetd
> > that has echo enabled will echo the packet back to the first
> > machine.  Broadcast addresses need not be used:
> >
> >     src address = <some host> port 7
> >     dst address = <some other host> port 7
> >
> > I imagine the same can be done with talkd packets.  UDP source
> > addresses are easy to forge.
>
> That's interesting - it amounts to a feedback loop (in electrical
> or audio terminology).  Is there a way to interrupt this sort of
> thing (short of killing inetd or the involved daemon) or rebooting (a
> drastic method of doing the same thing)?
>
> How would one prevent this without disabling the udp services?

Hack up inetd to check for broadcast src addresses and/or kill source
routing (or at the very least restrict it).

Matt

--
Matthew Keenan
Systems Programmer
Information Technology Division
University of Technology Sydney
Australia

www:   http://milliways.itd.uts.edu.au/~matt/
email: matt@uts.edu.au
phone: +61 2 330 1390     "Don't murder a man who is about
fax:   +61 2 330 1999      to commit suicide."
home:  +61 2 416 5722                     -- Machiavelli

GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$ UVS++++$
P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+ !5>++ jx R+ G? !tv
b+++ D++ B e+ u--(**) h- f+(*) r n- !y
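
One way to implement the source check suggested in the reply above, as an added example that is not part of the original message and not taken from any inetd source. The names `reply_allowed` and `check` and the port list are assumptions, and the addresses are constructed samples; the check also rejects source ports of other answering small services, which covers the host-to-host variant that uses no broadcast address.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UDP small services that answer any datagram: echo, daytime, qotd, chargen, time. */
static const uint16_t reflecting_ports[] = { 7, 13, 17, 19, 37 };

/* Hypothetical helper. Returns 1 if the handler may reply to src, 0 to drop.
 * subnet_bcast is the attached subnet's broadcast address in host byte
 * order, or 0 if unknown. */
int reply_allowed(const struct sockaddr_in *src, uint32_t subnet_bcast)
{
    uint32_t addr = ntohl(src->sin_addr.s_addr);
    uint16_t port = ntohs(src->sin_port);
    size_t i;
    /* Never reply to a broadcast, multicast or unspecified source address. */
    if (addr == INADDR_BROADCAST || addr == INADDR_ANY || IN_MULTICAST(addr))
        return 0;
    if (subnet_bcast != 0 && addr == subnet_bcast)
        return 0;
    /* A reply sent to another answering service would be answered again. */
    for (i = 0; i < sizeof reflecting_ports / sizeof reflecting_ports[0]; i++)
        if (port == reflecting_ports[i])
            return 0;
    return 1;
}

/* Builds a constructed source address and runs the check; -1 on a bad string. */
int check(const char *ip, uint16_t port, const char *bcast)
{
    struct sockaddr_in src;
    struct in_addr b;
    memset(&src, 0, sizeof src);
    src.sin_family = AF_INET;
    src.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &src.sin_addr) != 1 ||
        inet_pton(AF_INET, bcast, &b) != 1)
        return -1;
    return reply_allowed(&src, ntohl(b.s_addr));
}

int main(void)
{
    /* Constructed samples: forged broadcast source, then an ordinary client. */
    printf("%d %d\n", check("255.255.255.255", 7, "192.0.2.255"),
           check("192.0.2.10", 40000, "192.0.2.255"));
    return 0;
}
```

A handler would call `reply_allowed` on the address returned by `recvfrom` before sending anything back.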