[138] in bugtraq
Re: udp packet storms
daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Nov 1 04:04:35 1994
From: Darren Reed <avalon@coombs.anu.edu.au>
To: perry@imsi.com
Date: Tue, 1 Nov 1994 19:10:11 +1100 (EDT)
Cc: mike_raffety@il.us.swissbank.com, bugtraq@fc.net
In-Reply-To: <9411010602.AA02494@snark.imsi.com> from "Perry E. Metzger" at Nov 1, 94 01:02:20 am
>
>
> You miss the point. It is unrelated to responding to broadcast pings
> -- thats perfectly fine behavior. The problem is one of sending to the
> broadcast address by accident, because that allows you to reply to a
> packet who's source address is the broadcast address without realizing
> that you might do so.
>
> .pm
Well, with some help I've managed to conduct some experiments on udp
broadcast packets and the echo port...I was testing on an ethernet with
two Suns, an LX (Solaris2) and a SS2 (SunOS 4)...it went something like this:
10.1.2.0,echo -> 10.1.2.0,echo (forged packet)
10.1.2.1,echo -> 10.1.2.0,echo
10.1.2.2,echo -> 10.1.2.0,echo
10.1.2.2,echo -> 10.1.2.1,echo
10.1.2.1,echo -> 10.1.2.2,echo
10.1.2.2,echo -> 10.1.2.1,echo
10.1.2.1,echo -> 10.1.2.2,echo
...
and it is still going on :-) With just these two hosts, continually going
at each other, ping from one to the other still averages 1ms...using spray
(maybe this ain't such a good measure):
10.1.2.1 /> spray -c 1000 -l 1480 10.1.2.2
sending 1000 packets of lnth 1482 to 10.1.2.2 ...
in 10.7 seconds elapsed time,
585 packets (58.50%) dropped
Sent: 93 packets/sec, 135.0K bytes/sec
Rcvd: 38 packets/sec, 56.0K bytes/sec
Darren
