Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Re: pingflood.c

Re: pingflood.c

pedwardWEBCOM.COM
Mon, 18 May 1998 12:37:24 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Niall Smart: "Re: pingflood.c"
Previous message: Oliver Friedrichs: "Re: NFS shell"

>
> On most machines select returns -1, errno=EINTR on a signal that is handled.
>

You are correct. To fix the original code I posted, here goes:


[note, it will probably take longer than the interval, because of the number of
calls involved, but that's your thing]

void mysleep(int seconds)
{
        struct timeval tv_now;
        struct timeval tv_then;
        struct timeval tv;

        tv.tv_sec=seconds;
        tv.tv_usec=0;

        gettimeofday(&tv_now);

        tv_then.tv_sec = tv_now.tv_sec + seconds;
        tv_then.tv_usec = 0;

        while(select(0,NULL,NULL,NULL,&tv) != 0) {
                gettimeofday(&tv_now);

                tv.tv_sec = tv_then.tv_sec - tv_now.tv_sec;
                tv.tv_usec = tv_then.tv_usec - tv_now.tv_usec;

        }

}

There you go.  It just shows how such an insignificant little thing can consume a lot
of time to solve.

>
> Also the real problem is much more fundamental than all of the ping -f
> arguments. Consider
>
>       fork 10 pings
>       while(1)
>       {
>               kill all pings
>               as we get sigcld fork new ones
>               delay (not long)
>       }
>
> Another ping -f style attack. Or I could use UDP to send billions of
> packets - far far simpler.
>

I concur, UDP is fully user level, and it can be programmed much easier than ICMP.

>
> There is only one serious way to handle this, and it goes beyond the
> conventional Unix networking. Like any other resource you quota users
> in packets/bytes per second. Secure network folk would probably like a per
> user BPF filter that must say Yes to any packet the user attempts to send
> as well. I don't think anyone is addressing this right now.
>
> Alan
>

--Perry

--
Perry Harrington        System Software Engineer    zelur xuniL  ()
http://www.webcom.com  perry.harringtonwebcom.com  Think Blue.  /\

Next message: Niall Smart: "Re: pingflood.c"
Previous message: Oliver Friedrichs: "Re: NFS shell"