Re: udp packet storms

Darren Reed (avalon@coombs.anu.edu.au)
Tue, 1 Nov 1994 03:31:36 +1100 (EDT)

[...]
> This is certainly a bug, and a bad one. You aren't supposed to have to
> hack every program that uses UDP not to reply on the broadcast
> address; the need for the sockopt if you want to do a broadcast is
> supposed to protect you. This is Very Bad News. It means that it is
> possible to disable remote networks by sending out chernobylgrams to
> them provided the router shares the defect -- and many firewall
> routers these days run by people who believe in packet filtering are
> BSD based and might have this flaw.
> 
> Could people tell us which operating systems have this defect and
> which do not? This is an important one to catch before the evil folks
> get out their packet forgers.
> 
> Perry

Don't be fooled by routers (cisco is a good example) which will answer
broadcast pings - udp broadcasts still plough on through...and back comes
the flood...(just tested this - ping 1.2.3.0 made the router reply but
using Tim's program, the entire subnet it had wanted to `protect' wanted to
answer).  It would appear that inetd (on HP-UX at least) sets SO_BROADCAST
when it sets up internal services (such as echo)...

darren
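
Added example, not part of the original message and not code from any system it mentions: a C check a UDP service could apply to the address a datagram was sent to before answering, covering both the all-ones broadcast form and the all-zeros host form (the `1.2.3.0` style used in the test above). The `struct iface` type, the function names and the 192.0.2.0/24 sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One local IPv4 interface, host byte order (hypothetical type for this example). */
struct iface { uint32_t addr, mask; };

/* True if dst is a broadcast or multicast destination as seen from a local interface.
   In a real server dst comes from recvmsg() ancillary data (IP_PKTINFO / IP_RECVDSTADDR). */
static bool is_broadcast_dst(uint32_t dst, const struct iface *ifs, size_t n)
{
    if (dst == 0xFFFFFFFFu || dst == 0) return true;   /* limited broadcast, 0.0.0.0 */
    if ((dst >> 28) == 0xE) return true;                /* 224.0.0.0/4 multicast */
    for (size_t i = 0; i < n; i++) {
        uint32_t m = ifs[i].mask, host = ~m;
        if (host <= 1) continue;                        /* /31 and /32 have no broadcast */
        if ((dst & m) != (ifs[i].addr & m)) continue;   /* not on this subnet */
        if ((dst & host) == host) return true;          /* host bits all ones */
        if ((dst & host) == 0) return true;             /* host bits all zeros (old BSD form) */
    }
    return false;
}

/* Decide from the textual destination address; unparsable input is refused. */
static bool should_reply(const char *dst_text, const struct iface *ifs, size_t n)
{
    struct in_addr a;
    if (inet_pton(AF_INET, dst_text, &a) != 1) return false;
    return !is_broadcast_dst(ntohl(a.s_addr), ifs, n);
}

int main(void)
{
    /* Constructed sample: one interface, 192.0.2.10/24. */
    struct iface ifs[] = { { 0xC000020Au, 0xFFFFFF00u } };
    const char *dsts[] = { "192.0.2.10", "192.0.2.255", "192.0.2.0", "255.255.255.255" };
    for (size_t i = 0; i < sizeof dsts / sizeof dsts[0]; i++)
        printf("%-16s %s\n", dsts[i], should_reply(dsts[i], ifs, 1) ? "reply" : "drop");
    return 0;
}
```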