[21952] in bugtraq
Re: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (Keith Warno)
Fri Jul 27 23:06:16 2001
Message-ID: <3B61E899.64E5071@valaran.com>
Date: Fri, 27 Jul 2001 18:18:01 -0400
From: Keith Warno <keith.warno@valaran.com>
MIME-Version: 1.0
To: jpm@class.de
Cc: Stefan Laudat <stefan@mail.allianztiriac.ro>, bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
"Juergen P. Meier" wrote:
>
> > http://rootshell.com/archive-j457nxiqi3gq59dv/199803/biffit.c
> >
> > 1. Linux 2.4.7 UP (pristine source, waiting for a new shiny Alan Cox patch)
> > - system gets frozen after 3 seconds of flood on a gigabit link.
> > Same result at a 100Mbps. The top utility shows (at least as long as it can)
> > that system(kernel) gets 100% of the CPU in its march to death. Same for
> > Linux kernel 2.2.19.
>
> 2.4.6 (modular, unpatched, selfcompiled) on an old P133:
>
> biffit against loopback: 99% cpu(system), no slowdown, system
> responds normaly. (no slowdown)
> biffit against eth0: same effect. (doh, cause linux sends it over loopback)
Confirmed, with kernel 2.4.7 (unpatched, selfcompiled, modular). ~99%
CPU usage, but no slowdown. Although the hardware is quite different --
proc: Thunderbird 1000
ram: 384 MB
mobo: MSI MS6340 micro atx, VIA KT 133
NIC: LinkSys LNE100TX v4.1 (using kernel-distributed tulip driver, not
that from Scyld)
(eth0: ADMtek Comet rev 17) -- altho this is irrelevent isn't it.
I've been using 2.4.whatever for only the past couple of weeks. Maybe
I'm missing something. I don't run any UDP services whatsoever and
would never run comsat under any circumstance. So, why does the
sendto() in biffit.c not fail when sending to localhost? When I boot
back to 2.2.19 and try the same thing, I get what I expect: Connection
refused. Hrmm. Unless I missed something in the kernel docs regarding
loopback behavior, the displayed 2.4.7 behavior seems like a Bad Thing.
kw
--
| Keith Warno cell: +1 609-209-5800
| http://www.valaran.com/ work: +1 609-716-7200 x243
| Valaran Corporation Penguin Guy SMS : kw-mobile@valaran.com
+--------------------------------------------------------------//
