From owner-freebsd-security  Fri Jan 21 23:13: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248])
	by hub.freebsd.org (Postfix) with ESMTP id 02ED614C3C
	for <security@freebsd.org>; Fri, 21 Jan 2000 23:13:06 -0800 (PST)
	(envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com (mailhub [198.206.181.70])
	by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT])) with SMTP id XAA25017;
	Fri, 21 Jan 2000 23:11:24 -0800 (PST)
X-Origination-Site: <ind.alcatel.com>
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
	id XAA03015; Fri, 21 Jan 2000 23:11:24 -0800
Received: from softweyr.com (homer.softweyr.com [204.68.178.39])
	by omni.xylan.com (8.9.3+Sun/8.9.1 (Xylan engr [SPOOL])) with ESMTP id XAA27653;
	Fri, 21 Jan 2000 23:10:01 -0800 (PST)
Message-ID: <38895924.5C358388@softweyr.com>
Date: Sat, 22 Jan 2000 00:15:48 -0700
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Brett Glass <brett@lariat.org>, Warner Losh <imp@village.org>,
	Darren Reed <avalon@coombs.anu.edu.au>, security@freebsd.org
Subject: Re: stream.c worst-case kernel paths
References: <200001210417.PAA24853@cairo.anu.edu.au>
	 <200001210642.XAA09108@harmony.village.org> <4.2.2.20000121163937.01a51dc0@localhost> <200001220035.QAA65392@apollo.backplane.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matthew Dillon wrote:
> 
>     I wouldn't worry about multicast addresses for several reasons.  First, very
>     few machines actually run a multicast router.  No router, no problem.  Second,
>     multicast tunnels tend to be bandwidth limited anyway.  Third, from the point
>     of view of victimizing someone multicast isn't going to get you very far
>     because we already check for a multicast destination.  We don't really need
>     to check for a multicast source because it's really no different from a
>     victimizing point of view as a non-multicast source address.

In my testing this morning, I was running stream against a FreeBSD 3.4-R
machine with two interfaces, one on a private net and one one our main
LAN.  When I hit it with stream using random addresses, it was generating
multicast addresses.  The target machine began flooding the ACKs onto the
main LAN, even though net.inet.ip.forwarding = 0.

Who needs a multicast router?  I brought 400 machines to their knees and
completely flooded a frac T-1 from what was supposed to be an *isolated*
test network.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message