[21914] in bugtraq
Re: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (Cade Cairns)
Thu Jul 26 19:38:40 2001
Date: Thu, 26 Jul 2001 16:39:23 -0600 (MDT)
From: Cade Cairns <cairnsc@securityfocus.com>
To: Michal Zalewski <lcamtuf@gis.net>
Cc: Stefan Laudat <stefan@mail.allianztiriac.ro>, <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.21.0107251732400.747-100000@nimue.bos.bindview.com>
Message-ID: <Pine.GSO.4.30.0107261637260.29142-100000@mail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 25 Jul 2001, Michal Zalewski wrote:
> Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It
> would be pretty strange, btw, since it simply generates normal UDP packet,
> no black magic, really, and remote system, unless there's comast service
> running, politely responds with 'ICMP destination port unreachable', which
> is translated into 'Connection refused'.
After Stefan made his post to Bugtraq, I performed a few tests on machines
running Linux 2.2.14 and Linux 2.4.0. I wrote a simple test program to
send a large number of small messages to an arbitrary serviceless port on
the target machines.
I was able to reproduce the problem on a slower (400mhz) machine running
2.4.0, it virtually stopped responding until the flood ended.
Cade Cairns
SecurityFocus
http://www.securityfocus.com/
