Date:      Fri, 21 Jan 2000 23:14:09 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Wes Peters <wes@softweyr.com>
Cc:        Brett Glass <brett@lariat.org>, Warner Losh <imp@village.org>, Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject:   Re: stream.c worst-case kernel paths
Message-ID:  <200001220714.XAA68370@apollo.backplane.com>
References:  <200001210417.PAA24853@cairo.anu.edu.au> <200001210642.XAA09108@harmony.village.org> <4.2.2.20000121163937.01a51dc0@localhost> <200001220035.QAA65392@apollo.backplane.com> <38895924.5C358388@softweyr.com>


:
:Matthew Dillon wrote:
:> 
:>     I wouldn't worry about multicast addresses for several reasons.  First, very
:>     few machines actually run a multicast router.  No router, no problem.  Second,
:>     multicast tunnels tend to be bandwidth limited anyway.  Third, from the point
:>     of view of victimizing someone multicast isn't going to get you very far
:>     because we already check for a multicast destination.  We don't really need
:>     to check for a multicast source because it's really no different from a
:>     victimizing point of view as a non-multicast source address.
:
:In my testing this morning, I was running stream against a FreeBSD 3.4-R
:machine with two interfaces, one on a private net and one on our main
:LAN.  When I hit it with stream using random addresses, it was generating
:multicast addresses.  The target machine began flooding the ACKs onto the
:main LAN, even though net.inet.ip.forwarding = 0.
:
:Who needs a multicast router?  I brought 400 machines to their knees and
:completely flooded a frac T-1 from what was supposed to be an *isolated*
:test network.
:
:Wes Peters                                                         Softweyr LLC
:wes@softweyr.com                                           http://softweyr.com/

    Heh heh.  I guess that means I'll have to concede the point.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

