[21929] in bugtraq

Re: UDP packet handling weird behaviour of various operating systems

daemon@ATHENA.MIT.EDU (Radu-Adrian Feurdean)
Fri Jul 27 12:22:35 2001

Date: Fri, 27 Jul 2001 12:55:45 +0200 (CEST)
From: Radu-Adrian Feurdean <raf@chez.com>
To: Michal Zalewski <lcamtuf@gis.net>
Cc: Stefan Laudat <stefan@mail.allianztiriac.ro>, bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.21.0107251732400.747-100000@nimue.bos.bindview.com>
Message-ID: <Pine.LNX.4.21.0107271246240.3329-100000@WormHole.Intra.ZEHC.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII



On Wed, 25 Jul 2001, Michal Zalewski wrote:

> On Tue, 24 Jul 2001, Stefan Laudat wrote:
>
> > http://rootshell.com/archive-j457nxiqi3gq59dv/199803/biffit.c
> 
> Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It
> would be pretty strange, btw, since it simply generates normal UDP packet,
> no black magic, really, and remote system, unless there's comsat service
> running, politely responds with 'ICMP destination port unreachable', which
> is translated into 'Connection refused'.
> 
> > 1. Linux 2.4.7 UP (pristine source, waiting for a new shiny Alan Cox patch) 
> > - system gets frozen after 3 seconds of flood on a gigabit link.
> 
> Maybe there's comsat service running? Or you made system too busy handling
> I/O by flooding using 1 Gbit (I doubt it)...

Tested several times with 2.2 kernels (and in the past with 2.0). If a logging
firewall is used, the machine becomes unresponsive, but if the flood does not take
much time, it recovers after the flood ends.

Without a logging firewall, the machine remains responsive, but becomes much
slower. This highly depends on the packet rate, but on a 100Mbps link it is
close to impossible to make it get frozen. Mainly because packets get dropped.

> 
> > 3. Windows 2000 Server UP. - the system graphs jump from 2% cpu usage
> > (in a calm evening with no ongoing backups and domain
> > synchronizations) to approx. 35% and holds it steady.

What about packet loss?


Radu-Adrian Feurdean
mailto: raf@chez.com
----------------------------------------------------------------------------
The light at the end of the tunnel is the headlight of an approaching train.
