[6808] in bugtraq
Re: pingflood.c
daemon@ATHENA.MIT.EDU (pedward@WEBCOM.COM)
Tue May 19 18:39:43 1998
Date: Mon, 18 May 1998 12:37:24 -0700
Reply-To: pedward@WEBCOM.COM
From: pedward@WEBCOM.COM
X-To: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m0ybWCk-000aOnC@the-village.bc.nu> from "Alan Cox" at May 18,
98 09:08:13 pm
>
> On most machines select returns -1, errno=EINTR on a signal that is handled.
>
You are correct. To fix the original code I posted, here goes:
[note, it will probably take longer than the interval, because of the number of
calls involved, but that's your thing]
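#include <stddef.h>
#include <sys/time.h>
#include <sys/select.h>

/* Sleep for the whole interval, restarting select() when a signal interrupts it. */
void mysleep(int seconds)
{
    struct timeval tv_now;
    struct timeval tv_then;
    struct timeval tv;

    tv.tv_sec = seconds;
    tv.tv_usec = 0;
    gettimeofday(&tv_now, NULL);
    /* Absolute deadline, so time already slept is not repeated after EINTR. */
    tv_then.tv_sec = tv_now.tv_sec + seconds;
    tv_then.tv_usec = tv_now.tv_usec;
    /* select() returns 0 on timeout and -1 (errno=EINTR) on a handled signal. */
    while (select(0, NULL, NULL, NULL, &tv) != 0) {
        gettimeofday(&tv_now, NULL);
        tv.tv_sec = tv_then.tv_sec - tv_now.tv_sec;
        tv.tv_usec = tv_then.tv_usec - tv_now.tv_usec;
        if (tv.tv_usec < 0) {       /* borrow one second */
            tv.tv_sec--;
            tv.tv_usec += 1000000;
        }
        if (tv.tv_sec < 0)          /* deadline already passed */
            break;
    }
}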
There you go. It just shows how such an insignificant little thing can consume a lot
of time to solve.
>
> Also the real problem is much more fundamental than all of the ping -f
> arguments. Consider
>
> fork 10 pings
> while(1)
> {
> kill all pings
> as we get sigcld fork new ones
> delay (not long)
> }
>
> Another ping -f style attack. Or I could use UDP to send billions of
> packets - far far simpler.
>
I concur, UDP is fully user level, and it can be programmed much easier than ICMP.
>
> There is only one serious way to handle this, and it goes beyond the
> conventional Unix networking. Like any other resource you quota users
> in packets/bytes per second. Secure network folk would probably like a per
> user BPF filter that must say Yes to any packet the user attempts to send
> as well. I don't think anyone is addressing this right now.
>
> Alan
>
--Perry
--
Perry Harrington System Software Engineer zelur xuniL ()
http://www.webcom.com perry.harrington@webcom.com Think Blue. /\
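
The per-user packets/bytes-per-second quota described in the quoted text, sketched as an added example that is not code from this post or from either author. It assumes a token bucket as the metering technique and a user-space model rather than a kernel hook; struct user_quota, quota_allow and quota_count_allowed are hypothetical names, and the limits in main() are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical per-user send quota: one token bucket for packets, one for bytes. */
struct user_quota {
    double pkt_rate, pkt_burst, pkt_tokens;    /* packets/s, bucket depth, current fill */
    double byte_rate, byte_burst, byte_tokens; /* bytes/s, bucket depth, current fill */
    double last;                               /* time of last refill, in seconds */
};

static double refill(double tokens, double rate, double burst, double dt)
{
    tokens += rate * dt;
    return tokens > burst ? burst : tokens;    /* never bank more than one burst */
}

/* May this user send a len-byte packet at time now? Both buckets are charged
 * only when the send is allowed, so a denied packet costs the user nothing. */
bool quota_allow(struct user_quota *q, uint32_t len, double now)
{
    double dt = now - q->last;
    if (dt > 0) {                              /* ignore a clock that stepped backwards */
        q->pkt_tokens = refill(q->pkt_tokens, q->pkt_rate, q->pkt_burst, dt);
        q->byte_tokens = refill(q->byte_tokens, q->byte_rate, q->byte_burst, dt);
        q->last = now;
    }
    if (q->pkt_tokens < 1.0 || q->byte_tokens < (double)len)
        return false;
    q->pkt_tokens -= 1.0;
    q->byte_tokens -= (double)len;
    return true;
}

/* How many of n back-to-back len-byte sends at one instant pass the quota. */
int quota_count_allowed(struct user_quota *q, int n, uint32_t len, double now)
{
    int ok = 0;
    for (int i = 0; i < n; i++)
        ok += quota_allow(q, len, now);
    return ok;
}

int main(void)
{
    /* Constructed limits: 10 packets/s and 1000 bytes/s, both buckets full at t=0. */
    struct user_quota q = { 10, 10, 10, 1000, 1000, 1000, 0.0 };
    printf("t=0.0: %d of 100 sent\n", quota_count_allowed(&q, 100, 64, 0.0));
    printf("t=0.5: %d of 100 sent\n", quota_count_allowed(&q, 100, 64, 0.5));
    return 0;
}
```

A flood of 64-byte packets is cut to the packet bucket's burst and then to its refill rate, whether it comes from one process or from many forked ones, because the bucket is charged per user rather than per process.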