Re: [ADMIN]Firewalls....

From: Chris Austin (caustin@pinc.com)
Date: 09/23/96


Franco wrote:
> 
> >First, what the hell is a floodping?  If this floodping is any way
> >related to a regular ping
> >then the network driver, or IP driver will respond to the ping request,
> >It's raw IP that's
> >being used for ping requests, nothing is ever passed to a user level
> >program.
> >
> >Second, if, for whatever reason, the mud does go down, the port is NOT
> >still open.  Even IF
> >the port was to remain open, what application would "receive" this
> >hacked libc and write it
> >to disk?
> 
>         I find it hard to believe that you are root@anywhere.com and don't
> know what a unix/linux floodping is. Its amazing who they will allow in sysadmin
> these days. If you do have root access to a linux box, look into the ping
> command
> with the argument of "-f" and "-c 10000" and figure this out on your own before
> you reply like a uneducated dolt.

You're not even worth my time , Franco.  A socket application running in
user mode
is not going to terminate just because the "box" itself is being flooded
with pings.

>         Secondly, one could upload the hacked libc to any directory in the
> machine
> and just have the login point to that directory.

Like I said before, and you haven't answered yet, how is this hacked
libc going to
get written to disk after the mud has "terminated" and the port
"remained open" in
your little world?

>         And about network driver and IP driver responding to ping requests is
> so far off you sound like a child. ANYTHING the computer does takes CPU time to

Franco, I suggest you pick up a book and read it before spouting off. 
Something
like Unix Network Programming by Richard W. Stevens.  The mud itself
runs in user 
mode. The kernel has networking code compiled into it, hence the kernel
will respond
to the ping requests.   

> issue the command. To respond to a ping, it takes very little CPU time.
> However, when
> the computer is receiving 1000 ping requests per second each being a 1MB
> ping request,
> this nicely eats up the CPU time, not to mention the 10 megabits bandwith of
> the network
> card that the mud is running through.
>         However, to make a flood ping sucessful, one has to be on bandwith
> greater than
> that of the attacked machine, but usually a T1 does fine.
>         Answering the flood ping on most machines is a priority at root
> level, meaning it
> has a higher priority than user level programs (like a mud), and will put
> those programns
> aside while the cpu devotes itself to answering the ping requests. Most
> programs will self
> terminate at this point after a long ordeal of lag.

Programs do not "self terminate" due to lack of CPU cycles in the Unix 
enviornment, Franco.  User mode programs will terminate after they have
received a signal from the kernel.


>         I suggest you research your shit before you reply.
> 

No Franco, I emplore you to research your shit before you make a bigger
fool out of yourself.

> >
> >It's bullshit like this that leads the uninformed to thinking that the
> >net is much worse
> >than it is.
> >
> >>     When someone telnets into a machine, during the time the machine
> >> asks for
> >> username/passwd, it is running out of the /root/bin/bash directory. Once
> a login
> >> and passwd are given, it then switches to the access of the user.
> >>         If one is crafty (dont write back on how to do it), they can tell
> >> the current
> >> bin/bash root login prompt to look in the new /lib/c directory for access,
> >> which of
> >> course has been modified with a backdoor root passwd, and therefore get a
> >> true root
> >> on the box.
> >>         So it _IS_ possible to hack any machine behind a firewall that has
> >> an open port.
> >> Most machines that are firewalled still have one major security hole, port
> >> 25 or sendmail,
> >> but I'll let you figure that one out on your own.
> >>
> >>                                 Franco
> >>                                 awe@ieway.com
> >>
> >[Original mail snipped]
> >
> >> >
> >> >Chuck
> >>
> >> +-----------------------------------------------------------+
> >> | Ensure that you have read the CircleMUD Mailing List FAQ: |
> >> |   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
> >> +-----------------------------------------------------------+
> >
> >
+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
+-----------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/18/00 PST