Home » Mailing list archives » openbsd-misc » 2008 » October » 1

Re: HPING or equiv

Previous thread: Re: New tcp stack attack by Fernando Gont on Wednesday, October 1, 2008 - 8:29 am. (1 message)

Next thread: none
[view original message]
From: Geoff Steckel
Subject: Re: HPING or equiv
Date: Wednesday, October 1, 2008 - 9:26 am

time sudo ping -f ping
PING ping.oat.com (198.5.5.10): 56 data bytes
--- ping.oat.com ping statistics ---
12180 packets transmitted, 12180 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.083/0.141/8.073/0.132 ms
0.0u 0.6s 0:02.75 24.3% 0+0k 0+1io 0pf+0w

This is on a very wimpy box (< 2G).  Maybe your network interface
is no good? If it's an ne2000 type, it won't work worth used tissue paper.

   geoff steckel


[ message continues ]
[view original message]
From: Simon Slaytor
Subject: Re: HPING or equiv
Date: Wednesday, October 1, 2008 - 12:24 pm

Hi Geoff,

Thanks for the reply, no I don't think it's the box, DMESG below. 

Ok some test output where the IP pinged is the far end of a /30 subnet 
on a dedicated 1G line rate router port of a 7609 cisco, sup 720 etc..

If I do a flood PING

# time ping -c 1000 -f 80.65.xxx.xxx         
PING 80.65.xxx.xxx (80.65.xxx.xxx): 56 data bytes
--- 80.65.xxx.xxx ping statistics ---
1000 packets transmitted, 1000 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.241/0.279/10.349/0.344 ms
    0m0.32s real     0m0.00s user     0m0.06s system
#

# time ping -f 80.65.xxx.xxx
PING 80.65.xxx.xxx (80.65.xxx.xxx): 56 data bytes
--- 80.65.xxx.xxx ping statistics ---
26221 packets transmitted, 26218 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.236/0.389/23.944/0.465 ms
    0m5.89s real     0m0.04s user     0m1.59s system
#

    3 users    Load  0.56  0.46  0.46                  Wed Oct  1 
20:14:27 2008

Iface    State     Ibytes    Ipkts  Ierrs       Obytes    Opkts  
Oerrs    Colls
re0      up:U           0     5585      0       798202     5670      
0        0
re1      up:U           0        0      0            0        0      
0        0
nfe0     dn             0        0      0            0        0      
0        0
enc0     dn             0        0      0            0        0      
0        0
lo0      up             0        0      0            0        0      
0        0
pflog0   up             0        0      0            0        0      
0        0
trunk0   up:U      544226     5585      0       877582     5670      
0        0
trunk1   up:U           0        0      0            0        0      
0        0
Totals             544226    11170      0      1675784    11340      
0        0

Packets are going out through trunk0 (1 member re0) i.e 5k+ pps

Doing a HPING to the same host

# time hping -c 1000 -i u100 -1 80.65.xxx.xxx

len=46 ip=80.65.xxx.xxx ttl=255 id=34206 icmp_seq=0 rtt=0.3 ms
len=46 ip=80.65.xxx.xxx ...
[ message continues ]
Previous thread: Re: New tcp stack attack by Fernando Gont on Wednesday, October 1, 2008 - 8:29 am. (1 message)

Next thread: none