[21899] in bugtraq
Re: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (Stefan Laudat)
Thu Jul 26 18:14:05 2001
Date: Thu, 26 Jul 2001 01:48:04 +0300
From: Stefan Laudat <stefan@mail.allianztiriac.ro>
To: Michal Zalewski <lcamtuf@gis.net>
Cc: bugtraq@securityfocus.com
Message-ID: <20010726014804.B31276@allianztiriac.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.21.0107251732400.747-100000@nimue.bos.bindview.com>; from lcamtuf@gis.net on Wed, Jul 25, 2001 at 05:38:32PM -0400
> Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It
> would be pretty strange, btw, since it simply generates normal UDP packet,
> no black magic, really, and remote system, unless there's comast service
> running, politely responds with 'ICMP destination port unreachable', which
> is translated into 'Connection refused'.
One extra thing I haven't underlined so well in my announce: cisco routers
(and as well as other ones maybe) start crawling even forwarding the flood not
being the target itself only. Looks like an UDP handling problem for me :(
I have managed to kill a 7513 Cisco Router with DCEF enabled and loads of
other speed hacks. Try it for yourself :)
--
Stefan Laudat
CCNA,CCAI
Senior Network Engineer
Allianz-Tiriac SA
"Let's call it an accidental feature."
-- Larry Wall
