[128] in bugtraq
Re: udp packet storms
daemon@ATHENA.MIT.EDU (Darren Reed)
Mon Oct 31 13:57:14 1994
From: Darren Reed <avalon@coombs.anu.edu.au>
To: perry@imsi.com
Date: Tue, 1 Nov 1994 03:31:36 +1100 (EDT)
Cc: newsham@zang.kcc.hawaii.edu, bugtraq@fc.net
In-Reply-To: <9410311344.AA01126@snark.imsi.com> from "Perry E. Metzger" at Oct 31, 94 08:44:49 am
[...]
> This is certainly a bug, and a bad one. You aren't supposed to have to
> hack every program that uses UDP not to reply on the broadcast
> address; the need for the sockopt if you want to do a broadcast is
> supposed to protect you. This is Very Bad News. It means that it is
> possible to disable remote networks by sending out chernobylgrams to
> them provided the router shares the defect -- and many firewall
> routers these days run by people who believe in packet filtering are
> BSD based and might have this flaw.
>
> Could people tell us which operating systems have this defect and
> which do not? This is an important one to catch before the evil folks
> get out their packet forgers.
>
> Perry
Don't be fooled by routers (cisco is a good example) which will answer
broadcast ping's - udp broadcast still plough on through...and back comes
the flood...(just tested this - ping 1.2.3.0 made the router reply but
using Tim's program, the entire subnet it had wanted to `protect' wanted to
answer). It would appear that inetd (on HP-UX at least) sets SO_BROADCAST
when it sets up internal services (such as echo)...
darren
