"David S. Miller" <davem@xxxxxxxxxx> writes:
> From: Simon Kirby <sim@xxxxxxxxxxxxx>
> Date: Tue, 20 May 2003 17:09:36 -0700
>
> It's rather difficult to follow, but I don't see any "h4r h4r, expl0it
> th3 L1nux h4sh" comments or anything in the code that seems to attempt to
> exploit the hash algorithms in (older) Linux.
>
> Look at the vc table and how it uses this in rndip().

The vc table is used to generate packets which don't fall victim to
widely implemented source address checks (e.g. "ip verify unicast
source reachable-via any" on recent Cisco routers).

I've checked the generated packets and they appear to be distributed
rather evenly among about 3,000 of the 8,192 hash buckets (with the
old hash function, of course), so juno-z.101f.c does not specifically
choose source addresses to trigger collisions.

(BTW, that's the reason why I consider the hash collision DoS attack
not too relevant in practice -- anybody who wants to DoS my machine
can probably send lots of packets to it. juno-z.101f.c just works
well enough, even if it doesn't saturate all available bandwidth.)
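
The bucket-distribution check described in the message above, as an added example that is not part of the original message or of the kernel source: hash each flow, count the occupied buckets and the longest chain, and compare with what a uniform spread would give. The hash is a stand-in XOR fold (an assumption; the message does not show the old function), and `fold_hash`, `sample_saddr`, `measure`, `expected_used` and `looks_targeted` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUCKETS 8192u /* table size quoted in the message */

/* Stand-in XOR-fold hash (assumption): not claimed to be the kernel's
 * old function, which the message does not show. */
static unsigned fold_hash(uint32_t saddr, uint32_t daddr)
{
    uint32_t h = saddr ^ daddr;
    h ^= h >> 16;
    return (h ^ (h >> 8)) & (BUCKETS - 1);
}

/* Constructed sample input: a well-mixed 32-bit value per index, standing
 * in for the source addresses read from a packet capture. */
static uint32_t sample_saddr(uint32_t i)
{
    uint32_t x = i * 0x9E3779B9u;
    x ^= x >> 16; x *= 0x85EBCA6Bu;
    x ^= x >> 13; x *= 0xC2B2AE35u;
    return x ^ (x >> 16);
}

struct occupancy { unsigned used; unsigned max_chain; };

/* Hash n sample flows to one destination; count buckets and longest chain. */
static struct occupancy measure(uint32_t n, uint32_t daddr)
{
    static uint16_t chain[BUCKETS];
    struct occupancy o = {0, 0};
    memset(chain, 0, sizeof chain);
    for (uint32_t i = 1; i <= n; i++) {
        unsigned b = fold_hash(sample_saddr(i), daddr);
        if (chain[b]++ == 0) o.used++;
        if (chain[b] > o.max_chain) o.max_chain = chain[b];
    }
    return o;
}

/* Buckets a uniform hash fills with n distinct keys: m * (1 - (1 - 1/m)^n). */
static double expected_used(uint32_t n)
{
    double empty = 1.0;
    for (uint32_t i = 0; i < n; i++) empty *= 1.0 - 1.0 / BUCKETS;
    return BUCKETS * (1.0 - empty);
}

/* 1 if far fewer buckets are used than a uniform spread would fill. */
static int looks_targeted(struct occupancy o, uint32_t n) { return o.used < 0.5 * expected_used(n); }

int main(void)
{
    struct occupancy o = measure(4000, 0xC0000201u); /* 192.0.2.1, constructed */
    printf("used %u (uniform %.0f), longest chain %u, targeted=%d\n",
           o.used, expected_used(4000), o.max_chain, looks_targeted(o, 4000));
    return 0;
}
```

A sample aimed at the hash would show the opposite picture: a handful of occupied buckets and a longest chain close to the number of flows.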