[111] in bugtraq
Re: udp packet storms
daemon@ATHENA.MIT.EDU (Pat Myrto)
Sun Oct 30 02:17:21 1994
From: rwing!pat@ole.cdac.com (Pat Myrto)
To: newsham@zang.kcc.hawaii.edu (Tim Newsham)
Date: Sat, 29 Oct 94 22:25:13 PDT
Cc: bugtraq@crimelab.com
In-Reply-To: <9410291924.AA09883@zang.kcc.hawaii.edu>; from "Tim Newsham" at Oct 29, 94 9:24 am
"In the previous message, Tim Newsham said..."
>
>
> There's at least one way to make a UDP packet storm. Not
> very hard to do:
>
> src address = 255.255.255.255 port 7
> dst address = <some host> port 7
>
> the port will be echoed by the inetd (echo port) back to the
> sender (255.255.255.255 port 7). Each machine with an inetd
> that has echo enabled will echo the packet back to the first
> machine. Broadcast addresses need not be used:
>
> src address = <some host> port 7
> dst address = <some other host> port 7
>
> I imagine the same can be done with talkd packets. UDP source
> addresses are easy to forge.
That's interesting - it amounts to a feedback loop (in electrical
or audio terminology). Is there a way to interrupt this sort of
thing (short of killing inetd or the involved daemon) or rebooting (a
drastic method of doing the same thing)?
How would one prevent this without disabling the udp services?
>
> Tim N.
>
>
--
pat@rwing [If all fails, try: rwing!pat@eskimo.com] Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence." -- Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.
