[3324] in bugtraq
Re: Reachable addresses on the net (was SYN floods)
daemon@ATHENA.MIT.EDU (der Mouse)
Tue Sep 3 12:12:17 1996
Date: Tue, 3 Sep 1996 06:45:11 -0400
Reply-To: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
From: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
> As you can see, the address space is still quite sparse (less than 1
> out of every 200 addresses is reachable in my test), with most being
> inside the 127 net.
...and the 127-net addresses are all hitting your local loopback
anyway. So the address space is even sparser than .5%.
You're also hitting a lot of unallocated address space - most of the
class A space, for example, is unallocated. I'd be interested to see
this done with the addresses probed restricted to allocated space. If
nothing else it'd give some idea just how wastefully address space is
currently being used. Perhaps I'll even do it myself.
> At least for the purpose of SYN flooding, the assumption that a
> random address is unreachable is probably safe and probably quite
> useful. Any local protection has to bear this in mind, and perhaps
> keep a cache of known good addresses handy.
I'm not quite sure what such a cache would be good for.
> Content-Type: TEXT/PLAIN; charset=US-ASCII; name=randping
> Content-Transfer-Encoding: BASE64
If it's in US-ASCII, why BASE64 it? Not that it matters; I just find
it curious.
der Mouse
mouse@rodents.montreal.qc.ca
01 EE 31 F6 BB 0C 34 36 00 F3 7C 5A C1 A0 67 1D
