packetstorm | Omachonu Ogali | PACKETSTORM:10352
History: Feb 24, 2000 - 12:00 a.m.

fbsd-ping.txt

packetstormsecurity.com
`  
--0-1774392370-951065021=:49727  
Content-Type: TEXT/PLAIN; charset=US-ASCII  
  
Attached unofficial patch to drop ICMP packets larger than 8184 bytes.  
E-Mail/Flame me if not liked...  
  
I wanted to be able to set the maximum value via sysctl but I'm not sure  
if I'll break anything, feel free to pick up from there.  
  
On Sat, 19 Feb 2000 [email protected] wrote:  
  
>   
> >Number: 16828  
> >Category: kern  
> >Synopsis: High Speed Pinging Over 8184 bytes Kills Server Instantly  
> >Confidential: no  
> >Severity: critical  
> >Priority: high  
> >Responsible: freebsd-bugs  
> >State: open  
> >Quarter:   
> >Keywords:   
> >Date-Required:  
> >Class: sw-bug  
> >Submitter-Id: current-users  
> >Arrival-Date: Sat Feb 19 20:10:01 PST 2000  
> >Closed-Date:  
> >Last-Modified:  
> >Originator: Ahsanul Shajan Alam  
> >Release: 3.3-RELEASE  
> >Organization:  
> TheCoolHost.com, Inc.  
> >Environment:  
> FreeBSD big_server1.webdevstudio.com 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999 [email protected]:/usr/src/sys/compile/GENERIC i386  
> >Description:  
> High speed pinging to anyone or from anyone on a local ethernet network with packet sizes over 8184 bytes will bring down the server, regardless of whether packets were being directed to it or another target which is online OR offline. Once pinging starts from any other machine, if local the BSD server will go down immediately, if from a remote source, it will go down in a few seconds.  
>   
> What makes this problem really bad is the fact that the target of the pings does not even have to be the server, it can be any on the ethernet segment...  
> >How-To-Repeat:  
> pick any LINUX box and do a:  
>   
> ping -fs 10000 <any IP on the local ethernet network>  
>   
> But note: if the ping packets are exactly 8184 bytes, the server will just respond back at them and "laugh", if larger (ideally 10000 bytes) the server will die immediately...  
> >Fix:  
> get upstream provider to disable ping packets from coming in, BUT that will NOT protect you if the source of the pings is on the same ethernet segment. Desperate to find a "cure" to this problem. Please email: [email protected] or [email protected] if you know of any solutions, or if anybody can send me exactly what I need to type in to disable pings via IPFW... hmm... Thanks for your time.  
>   
> >Release-Note:  
> >Audit-Trail:  
> >Unformatted:  
>   
>   
> To Unsubscribe: send mail to [email protected]  
> with "unsubscribe freebsd-bugs" in the body of the message  
>   
  
--   
+-------------------------------------------------------------------------+  
| Omachonu Ogali [email protected] |  
| Intranova Networking Group http://tribune.intranova.net |  
| PGP Key ID: 0xBFE60839 |  
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |  
+-------------------------------------------------------------------------+  
  
--0-1774392370-951065021=:49727  
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="icmp.large.drop"  
Content-Transfer-Encoding: BASE64  
Content-ID: <[email protected]>  
Content-Description:   
Content-Disposition: attachment; filename="icmp.large.drop"  
  
--0-1774392370-951065021=:49727--  
  
  
To Unsubscribe: send mail to [email protected]  
with "unsubscribe freebsd-security" in the body of the message  
  
  
  
`
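An added example, not code from the mail or from FreeBSD: a user-space sketch of the size test the mail describes (drop ICMP larger than 8184 bytes), comparing a check on each packet's own total-length field with one that also counts the fragment offset. It assumes 8184 is a limit on the whole IP datagram and a 1500-byte Ethernet MTU for the sample fragments; all function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICMP_LIMIT 8184u   /* threshold quoted in the mail above */
enum verdict { PASS, DROP_OVERSIZE, DROP_MALFORMED };   /* hypothetical names */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check on this packet's own total-length field only. */
enum verdict check_total_len(const uint8_t *h, size_t n, uint32_t limit)
{
    if (n < 20 || (h[0] >> 4) != 4) return DROP_MALFORMED;
    if (h[9] != 1) return PASS;                       /* protocol 1 = ICMP */
    return rd16(h + 2) > limit ? DROP_OVERSIZE : PASS;
}

/* Fragment-aware check: how far this fragment reaches into its datagram. */
enum verdict check_extent(const uint8_t *h, size_t n, uint32_t limit)
{
    if (n < 20 || (h[0] >> 4) != 4) return DROP_MALFORMED;
    uint32_t hlen = (uint32_t)(h[0] & 0x0f) * 4;      /* IHL is in 32-bit words */
    uint32_t tot = rd16(h + 2);
    if (hlen < 20 || hlen > n || tot < hlen) return DROP_MALFORMED;
    if (h[9] != 1) return PASS;
    uint32_t off = (uint32_t)(rd16(h + 6) & 0x1fff) * 8;  /* offset is in 8-byte units */
    return hlen + off + (tot - hlen) > limit ? DROP_OVERSIZE : PASS;
}

/* Build a constructed 20-byte IPv4 header (sample data, not captured traffic).
 * Returns a static buffer that is overwritten on every call. */
const uint8_t *make_hdr(uint8_t proto, uint16_t tot, uint16_t off_bytes, int more)
{
    static uint8_t h[20];
    uint16_t fo = (uint16_t)((off_bytes / 8) | (more ? 0x2000 : 0));
    memset(h, 0, sizeof h);
    h[0] = 0x45;                                      /* version 4, IHL 5 */
    h[2] = (uint8_t)(tot >> 8); h[3] = (uint8_t)tot;  /* total length */
    h[6] = (uint8_t)(fo >> 8);  h[7] = (uint8_t)fo;   /* flags + fragment offset */
    h[8] = 64; h[9] = proto;                          /* TTL, protocol */
    return h;
}
```

With a 1500-byte MTU no single fragment of a 10000-byte ping has a total length above 1500, so only the offset-aware check sees that the sixth fragment (offset 7400) reaches past 8184. Fragments below the limit still pass and wait in the reassembly queue until they time out.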