From: Wes Peters
Organization: Softweyr LLC
Date: Sat, 22 Jan 2000 00:15:48 -0700
To: Matthew Dillon
Cc: Brett Glass, Warner Losh, Darren Reed, security@freebsd.org
Subject: Re: stream.c worst-case kernel paths
Message-ID: <38895924.5C358388@softweyr.com>
Sender: owner-freebsd-security@FreeBSD.ORG

Matthew Dillon wrote:
>
> I wouldn't worry about multicast addresses for several reasons. First, very
> few machines actually run a multicast router. No router, no problem. Second,
> multicast tunnels tend to be bandwidth limited anyway. Third, from the point
> of view of victimizing someone multicast isn't going to get you very far
> because we already check for a multicast destination. We don't really need
> to check for a multicast source because it's really no different from a
> victimizing point of view as a non-multicast source address.

In my testing this morning, I was running stream against a FreeBSD 3.4-R
machine with two interfaces, one on a private net and one on our main LAN.
When I hit it with stream using random addresses, it was generating multicast
addresses. The target machine began flooding the ACKs onto the main LAN, even
though net.inet.ip.forwarding = 0.

Who needs a multicast router? I brought 400 machines to their knees and
completely flooded a frac T-1 from what was supposed to be an *isolated* test
network.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                        Softweyr LLC
wes@softweyr.com                                  http://softweyr.com/
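The source-address check debated in this message, written out as an added example; it is not code from the original post or from the FreeBSD kernel. The function names, the `IP4` macro and the sample packets are assumptions constructed for illustration, with addresses in host byte order.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Class D (multicast) is 224.0.0.0/4: the top four address bits are 1110. */
static int is_multicast(uint32_t a) { return (a & 0xf0000000u) == 0xe0000000u; }
static int is_limited_broadcast(uint32_t a) { return a == 0xffffffffu; }

/* Hypothetical policy hook: may the stack answer (ACK/RST) a TCP segment? */
int may_reply(uint32_t src, uint32_t dst)
{
    if (is_multicast(dst) || is_limited_broadcast(dst))
        return 0;  /* the destination check the quoted text says already exists */
    if (is_multicast(src) || is_limited_broadcast(src))
        return 0;  /* the reply is addressed to src, so it would go to a group */
    return 1;
}

/* How many of the 256 possible first octets put an address in 224.0.0.0/4?
 * This is the share of uniformly random spoofed sources that are multicast. */
int multicast_first_octets(void)
{
    int n = 0;
    for (uint32_t o = 0; o < 256; o++)
        if (is_multicast(o << 24))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample segments: {spoofed source, destination}. */
    struct { uint32_t src, dst; } pkts[] = {
        { IP4(10,1,2,3),    IP4(192,168,1,10) },  /* unicast source        */
        { IP4(229,14,7,99), IP4(192,168,1,10) },  /* random multicast src  */
        { IP4(10,1,2,3),    IP4(224,0,0,1)    },  /* multicast destination */
    };
    for (unsigned i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        printf("pkt %u: %s\n", i,
               may_reply(pkts[i].src, pkts[i].dst) ? "reply" : "drop");
    printf("%d of 256 first octets are multicast\n", multicast_first_octets());
    return 0;
}
```

With uniformly random source addresses, 16 of every 256 first octets (224 through 239) fall in the multicast range, so about one reply in sixteen is addressed to a group unless the source is checked as well as the destination.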