Home page logo

bugtraq logo Bugtraq mailing list archives

Re: pingflood.c
From: avarvit () CC ECE NTUA GR (Aggelos P. Varvitsiotis)
Date: Mon, 18 May 1998 13:39:07 +0300


   pingflood.c by (AntireZ) Salvatore Sanfilippo <md5330 () mclink it>
   enhanced by David Welton <davidw () cks com>
   I tested it only on Linux RedHat 4.1 and 5.0.
   David Welton tested it on Debian GNU/Linux and OpenBSD reporting
it           works.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.
[64 lines deleted]

Verified it on SunOS 5.5.1. Basically, it is so simple that it
should work on any Unix box. The "bug" in ping's code is that
the code naively assumes the SIGALRM is system-generated (due
to a previous alarm() call). At least on SunOS 5.5.1, sigaction(2)
can be used to examine the source of the SIGALRM (e.g. check
that (siginfo_t *)si->si_code > 0 -- (siginfo_t *)si is returned
to the signal handler if the sa_flags member of the struct sigaction
passed to sigaction() has the SA_SIGINFO bit set). I am not sure
how this can be implemented on other systems.

BTW, how many setuid programs are there that will catch various
signals and will behave "not-as-expected" when forked off by a
signal-bomber parent process, such as pingflood?

a.varvitsiotis () iccs ntua gr                     A.Varvitsiotis
                                             ICCS Computer Center
                                      National Technical University of Athens

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]