Re: [Admin][Serious][More Info] Fake IP Attacks on MUD

From: Erwin S. Andreasen (erwin@PIP.DKNET.DK)
Date: 09/01/97


On Sun, 31 Aug 1997, Chris Jacobson wrote:

> [ New connection from [014.000.000.000] ]
> [ New connection from [002.000.000.000] ]
> [ New connection from [002.000.000.000] ]
>
> These came about one every 10 seconds... not a 'flood' but enough to
> annoy.  However, it appears that a major upgrade I just did to the MUD
> (over 2 months in coding updates in a new binary, that I was waiting for
> the right time and apwipe to upload) can take this assault and not flinch.

We had a problem with something similar once, it seems to have
disappeared. This was under Linux 2.0.26 - I've also talked to another
person with similar problems under Linux.

I suspect it's some TCP/IP protocol bug - I've had weird things happen to
me on that machine before, including getting the output from another mud
on the same machine sent to one of the users (!).

Anyway, a workaround which seemed to be effective in some of the cases was
to check that the returned size of the structure really is the size that
was passed. In many cases were invalid adressess were accepted, size did
not match.

Oliver added an addition getpeername call after the accept, and checked
size that this would return - I am not sure if checking the size that
accept returns would suffice.

size = sizeof(sock);

if (getpeername(fd, (some sockstruct*) &sock, &size) < 0)
{
        ....
}

if (size != sizeof(sock))
{
        weird stuff!
}


It's been a while since such errors came up though...

 =============================================================================
Erwin Andreasen   Herlev, Denmark <erwin@pip.dknet.dk>  UNIX System Programmer
<URL:http://pip.dknet.dk/~erwin/>         <*>           (not speaking for) DDE
 =============================================================================


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/08/00 PST