This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: TCP/IP stack: robustness agains port scan

From: llandre <r&d at wawnet dot biz>
To: Andrew Lunn <andrew dot lunn at ascom dot ch>
Cc: ecos-discuss at sources dot redhat dot com,matto at wawnet dot biz
Date: Thu, 24 Oct 2002 12:35:31 +0200
Subject: Re: [ECOS] TCP/IP stack: robustness agains port scan
References: <5.1.1.6.0.20021024120111.00aafdb8@dns.struinfo.it><5.1.1.6.0.20021024120111.00aafdb8@dns.struinfo.it>

On Thu, Oct 24, 2002 at 12:09:20PM +0200, llandre wrote:
> I was questioned about the eCos' stack robustness against the port scan.
> I performed a very simple test with this configuration:
> - stack: OpenBSD
> - CPU: ARM7, 66MHz, 8kB cache
> - stack buffer: 256kB (default)
> - application running on eCos: tcp_echo.
> All the other stack parameters set to default values.
>
> I run from a linux machine nmap with the parameter "-p 1-" in order to scan
> all ports and this causes the crash of the eCos system.
> Is it possible to improve the robustness against this port scan?

Its always possible, it just needs someone to implement it.

Please enable asserts, run the test again, and give us details of how
it fails. Without details we cannot help you.

Andrew

Sorry for my generic question: I thought it was a known problem it had a sort of "standard" answer.
The IP address of the machine where I run nmap is 192.168.0.20.
While performing the nmap, a ping is running to check the status of eCos board.

Here is the output of the eCos board:
----------------------------------------------------------
Start TCP test - ECHO mode
BOOTP[eth0] op: REQUEST
htype: Ethernet
hlen: 6
hops: 0
xid: 0x383c0000
secs: 0
flags: 0x80
hw_addr: 00:00:00:00:00:00
client IP: 0.0.0.0
my IP: 192.168.0.153
server IP: 192.168.0.20
gateway IP: 0.0.0.0
options:
DHCP message: 3 REQUEST
DHCP server id: 192.168.0.20
DHCP time 51: -1
DHCP time 58: 0
DHCP time 59: 0
subnet mask: 255.255.255.0
gateway: 192.168.0.254
DHCP option: 37/55.9: 54 51 58 59 1 3 6 15 28
DHCP option: 39/57.2: 576
DHCP requested ip: 192.168.0.153
No load = 121779
Set background load = 50% starting 10 threads
Set no background load
High Load[100] = 98048 => 20%
Set background load = 50% starting 10 threads
Set no background load
High Load[200] = 78665 => 36%
Set background load = 50% starting 10 threads
Set no background load
High Load[400] = 43860 => 64%
Set background load = 50% starting 10 threads
Set no background load
Load[300] = 60614 => 51%
Set background load = 50% starting 10 threads
Set no background load
Final load[294] = 61617 => 50%
SINK connection from 54.0.0.0:0
SOURCE connection from 54.0.0.0:0
Error after reading 0 bytes
Can't read initialization parameters: Connection reset by peer
----------------------------------------------------------

The last messages appear when nmap reports:

Adding open port 9991/tcp
Adding open port 9990/tcp

and at the same time the ping has no more responses (Destination Host Unreachable).

--
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss

Follow-Ups:
- Re: TCP/IP stack: robustness agains port scan
  - From: Andrew Lunn

References:
- TCP/IP stack: robustness agains port scan
  - From: llandre
- Re: TCP/IP stack: robustness agains port scan
  - From: Andrew Lunn

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]