On Thu, 26 Jul 2001, Cade Cairns wrote: > After Stefan made his post to Bugtraq, I performed a few tests on > machines running Linux 2.2.14 and Linux 2.4.0. I wrote a simple test > program to send a large number of small messages to an arbitrary > serviceless port on the target machines. I was able to reproduce the > problem on a slower (400mhz) machine running 2.4.0, it virtually > stopped responding until the flood ended. Try the same via loopback device - should not work. I believe this is not Linux kernel UDP handling problem. It might be, as suggested, but something between hardware and software, instead (like "IRQ congestion"), and probably should work for everything - TCP, ICMP? Of course I can be wrong - all I say is that I was not able to reproduce this behavior in my test network, maybe because it is 10 Mbit, and can't see any special reason why UDP attack should be more successful than any other... -- _____________________________________________________ Michal Zalewski [lcamtufat_private] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-=
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 22:37:43 PDT