From owner-freebsd-hackers Fri Oct 25 07:19:50 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA23228 for hackers-outgoing; Fri, 25 Oct 1996 07:19:50 -0700 (PDT) Received: from paloalto.access.hp.com (daemon@paloalto.access.hp.com [15.254.56.2]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA23223 for ; Fri, 25 Oct 1996 07:19:47 -0700 (PDT) Received: from fakir.india.hp.com by paloalto.access.hp.com with ESMTP (1.37.109.16/15.5+ECS 3.3) id AA048513177; Fri, 25 Oct 1996 07:19:41 -0700 Received: from localhost by fakir.india.hp.com with SMTP (1.37.109.16/15.5+ECS 3.3) id AA077244994; Fri, 25 Oct 1996 19:49:54 +0500 Message-Id: <199610251449.AA077244994@fakir.india.hp.com> To: freebsd-hackers@freebsd.org Subject: Ping attacks: NT vs FreeBSD Date: Fri, 25 Oct 1996 19:49:54 +0500 From: A JOSEPH KOSHY Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, You may be pleased to note that FreeBSD is listed as on of the OS'es safe from the Ping o' Death bug. See: http://www.sophist.demon.co.uk/ping/ This attack (basically ping'ing with an illegal IP packet size) can bring down many Unix'en including Linux and NetBSD 1.1. NT seems to survive as does Windows-95. I noticed however that two freebsd machines running `ping -f' onto an NT 3.51 box can effectively stop all TCP/IP activity on the NT machine --- denial of service if you may. The NT machine was on a P6/150, 32MB, unknown ethernet card; the FreeBSD boxes were P5-100s with HP-PC Lan and PCI D-Link cards respectively. I'm intrigued by this behaviour. Is this common or is it just a quirk of this specific NT configuration? Has anyone seem similar behaviour under NT 4.0? Any ideas as to why the denial of service behaviour could be occurring? Koshy