[21935] in bugtraq
Re: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (Juergen P. Meier)
Fri Jul 27 13:35:02 2001
Date: Fri, 27 Jul 2001 17:26:30 +0200
From: "Juergen P. Meier" <jpm@jors.net>
To: Stefan Laudat <stefan@mail.allianztiriac.ro>
Cc: bugtraq@securityfocus.com
Message-ID: <20010727172629.A13637@fm.rz.fh-muenchen.de>
Reply-To: jpm@class.de
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010724233639.A5717@allianztiriac.ro>; from stefan@mail.allianztiriac.ro on Tue, Jul 24, 2001 at 11:36:39PM +0300
> http://rootshell.com/archive-j457nxiqi3gq59dv/199803/biffit.c
>
> 1. Linux 2.4.7 UP (pristine source, waiting for a new shiny Alan Cox patch)
> - system gets frozen after 3 seconds of flood on a gigabit link.
> Same result at a 100Mbps. The top utility shows (at least as long as it can)
> that system(kernel) gets 100% of the CPU in its march to death. Same for
> Linux kernel 2.2.19.
2.4.6 (modular, unpatched, selfcompiled) on an old P133:
biffit against loopback: 99% cpu(system), no slowdown, system
responds normaly. (no slowdown)
biffit against eth0: same effect. (doh, cause linux sends it over loopback)
Biffit from a PIII/600 FDX 100mbit connected: same as above.
in the later case: my ssh connection to that system (going through the
same nic that was target) became a bit sluggish. Console access showed no
impact.
It obviously just consumes idle time. Interupt load was not very high.
(ping -f is much worse for interrupts)
Hardware:
Board: ASUS p55tp4n (Intel FX chipset)
CPU: P133 (with F00F bug)
RAM: 64mb
eth0: RealTek RTL8139 Fast Ethernet at 0xc480b000, 00:00:cb:11:22:33, IRQ 11
eth0: Identified 8139 chip type 'RTL-8139C'
(nothing else on IRQ11)
running squid, a webserver, 3 ssh connections, and having several iptables
rules (those udp packets matched ACCEPT-rule #2 (loopback case) and rule #4
on input chain)
no SMP.
> I would like to hear some other results for other operating systems.
Windows 98 (running on the P3/600):
25% load. no side effects
Juergen
--
Juergen P. Meier
