From owner-freebsd-security Fri Jan 21 23:14:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 7AD7E1556C for ; Fri, 21 Jan 2000 23:14:14 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id XAA68370; Fri, 21 Jan 2000 23:14:09 -0800 (PST) (envelope-from dillon)
Date: Fri, 21 Jan 2000 23:14:09 -0800 (PST)
From: Matthew Dillon
Message-Id: <200001220714.XAA68370@apollo.backplane.com>
To: Wes Peters
Cc: Brett Glass, Warner Losh, Darren Reed, security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths
References: <200001210417.PAA24853@cairo.anu.edu.au> <200001210642.XAA09108@harmony.village.org> <4.2.2.20000121163937.01a51dc0@localhost> <200001220035.QAA65392@apollo.backplane.com> <38895924.5C358388@softweyr.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:
:Matthew Dillon wrote:
:>
:> I wouldn't worry about multicast addresses for several reasons. First, very
:> few machines actually run a multicast router. No router, no problem. Second,
:> multicast tunnels tend to be bandwidth limited anyway. Third, from the point
:> of view of victimizing someone multicast isn't going to get you very far
:> because we already check for a multicast destination. We don't really need
:> to check for a multicast source because it's really no different from a
:> victimizing point of view as a non-multicast source address.
:
:In my testing this morning, I was running stream against a FreeBSD 3.4-R
:machine with two interfaces, one on a private net and one on our main
:LAN. When I hit it with stream using random addresses, it was generating
:multicast addresses. The target machine began flooding the ACKs onto the
:main LAN, even though net.inet.ip.forwarding = 0.
:
:Who needs a multicast router? I brought 400 machines to their knees and
:completely flooded a frac T-1 from what was supposed to be an *isolated*
:test network.
:
:Wes Peters Softweyr LLC
:wes@softweyr.com http://softweyr.com/

Heh heh. I guess that means I'll have to concede the point.

-Matt
Matthew Dillon

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
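The point Wes's test makes is that a reply to a TCP segment is sent to the segment's *source* address, so a multicast source must be rejected with the same rules as a multicast destination or the host itself becomes the multicast flooder, forwarding disabled or not. The following is an added illustration, not FreeBSD kernel code: a stand-alone admission check over host-order IPv4 addresses (the helper names are invented for this example) that refuses to generate an ACK/RST when either endpoint is multicast, broadcast, reserved or unspecified.

```c
/* Added example, not part of the FreeBSD source: decide whether a TCP
 * reply (ACK/RST) may be generated for an incoming segment. Addresses
 * are host-order IPv4 values; names are invented for this illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 224.0.0.0/4 (class D): any reply sent here is itself a multicast. */
bool ipv4_is_multicast(uint32_t a) { return (a & 0xf0000000u) == 0xe0000000u; }
/* 240.0.0.0/4 (class E, reserved) including 255.255.255.255. */
bool ipv4_is_reserved_or_bcast(uint32_t a) { return (a & 0xf0000000u) == 0xf0000000u; }
/* 0.0.0.0/8: never a valid unicast peer. */
bool ipv4_is_unspecified(uint32_t a) { return (a & 0xff000000u) == 0; }

/* True when an address is an acceptable unicast endpoint. */
bool ipv4_is_unicast_endpoint(uint32_t a)
{
    return !ipv4_is_multicast(a) && !ipv4_is_reserved_or_bcast(a) &&
           !ipv4_is_unspecified(a);
}

/* The destination check alone (what the thread says already existed) is
 * not enough: the source becomes the destination of our reply, so it is
 * held to exactly the same rule. */
bool tcp_may_reply(uint32_t src, uint32_t dst)
{
    return ipv4_is_unicast_endpoint(dst) && ipv4_is_unicast_endpoint(src);
}

/* Build a host-order address from a dotted quad. */
uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

int main(void)
{
    /* Constructed sample segments: {source, destination}. */
    uint32_t cases[][2] = {
        { ipv4(10, 0, 0, 2),         ipv4(10, 0, 0, 1) },   /* ordinary unicast */
        { ipv4(224, 1, 2, 3),        ipv4(10, 0, 0, 1) },   /* multicast source */
        { ipv4(10, 0, 0, 2),         ipv4(239, 1, 1, 1) },  /* multicast dest */
        { ipv4(255, 255, 255, 255),  ipv4(10, 0, 0, 1) },   /* broadcast source */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu: %s\n", i, tcp_may_reply(cases[i][0], cases[i][1]) ? "reply" : "drop");
    return 0;
}
```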