'Reachable addresses on the net (was SYN floods)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Reachable addresses on the net (was SYN floods)
From:       Oliver Xymoron <oxymoron () waste ! org>
Date:       1996-08-31 18:10:50
[Download RAW message or body]

The discussion of whether a random address was reachable (someone had
claimed about half were) got me thinking.. what percentage of addresses
are in fact reachable? Should be easy enough to find out - just write a
little Perl script to ping random hosts.. a day and several full file and
process tables, and about two hours of actual runtime later:

---
...
+160.16.82.221 (151/31246= 0.4833%) 6597s 4.74pings/s
+127.232.79.6 (152/31326= 0.4852%) 6614s 4.74pings/s
+130.151.41.1 (153/31332= 0.4883%) 6615s 4.74pings/s
+127.123.38.41 (154/31477= 0.4892%) 6646s 4.74pings/s
+127.164.49.30 (155/31479= 0.4924%) 6646s 4.74pings/s
+127.217.192.59 (156/31561= 0.4943%) 6664s 4.74pings/s
+127.148.252.233 (157/31576= 0.4972%) 6667s 4.74pings/s
+127.120.54.186 (158/31641= 0.4994%) 6680s 4.74pings/s
+127.10.92.143 (159/31680= 0.5019%) 6689s 4.74pings/s
+127.96.165.69 (160/32091= 0.4986%) 6775s 4.74pings/s
+127.153.219.200 (161/32515= 0.4952%) 6864s 4.74pings/s
+127.42.59.52 (162/32806= 0.4938%) 6925s 4.74pings/s
+127.239.225.13 (163/32869= 0.4959%) 6938s 4.74pings/s
+127.142.104.4 (164/33048= 0.4962%) 6976s 4.74pings/s
+127.175.215.62 (165/33111= 0.4983%) 6989s 4.74pings/s
+140.122.51.171 (166/33568= 0.4945%) 7085s 4.74pings/s
+127.253.175.177 (167/33724= 0.4952%) 7118s 4.74pings/s
+127.20.8.231 (168/33978= 0.4944%) 7171s 4.74pings/s
+127.190.255.36 (169/34368= 0.4917%) 7253s 4.74pings/s
+127.119.24.35 (170/35244= 0.4824%) 7437s 4.74pings/s

Tried: 35519 Reached: 170 ( 0.4786%)
Runtime: 7495 s at 4.74 pings/s
Probable reachable sites on the net: 20556446
---

The program forks 50 times (giving a load average of about 0.1 on my
machine), and the parent sends a random address to each child to try.
When the child pings or times out after 10 seconds, it returns a message
to the parent which tabulates it and sends a new address to try. It makes
some small effort to keep outgoing pings from piling up on each other as
well.  Gave me an excuse to try out pipes, select, and signal handling in
Perl..

As you can see, the address space is still quite sparse (less than 1 out
of every 200 addresses is reachable in my test), with most being inside
the 127 net.  At least for the purpose of SYN flooding, the assumption
that a random address is unreachable is probably safe and probably quite
useful. Any local protection has to bear this in mind, and perhaps keep a
cache of known good addresses handy.

--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.."

["randping" (TEXT/PLAIN)]

#!/usr/bin/perl

# Written by oxymoron@waste.org

$split=50;
$timeout=10;
$good=0;
$start=time;

sub done
{
	$ratio=$good/$tries;
		    $run=time-$start;
		    $pps=$tries/$run;
	printf "\nTried: $tries Reached: $good (%7.4f%%)\n", $ratio*100;
	printf "Runtime: $run s at %.2f pings/s\n", $pps;
	print "Probable reachable sites on the net: ", int($ratio*1024*1024*1024*4),"\n";
	kill 9, @children;
	exit;
}

$|=1;

$reached=0;

sub ping
{
    local($ret,$val);

    $SIG{'ALRM'} = sub {die};
    alarm($timeout);

    $ret=0;

    open(PING,"ping -c 1 -n -q $_[0]|");

    eval("\$val.=\$_ while(<PING>);");

    close(PING);
    alarm(0);

#    print "got: $val\n";
    
    $ret=1 if($val=~/1 packets transmitted/);

#    print "returning $ret\n";

    $ret;
}

sub fhbits
{
    local(@fhlist) = @_;
    local($bits);

    for(@fhlist)
    {
	vec($bits,fileno($_), 1) = 1;
    }
    $bits;
}

sub pingloop
{
    while(<$input>)
    {
	$addr=$_;
	if(ping $addr)
	{
	    print "+$addr\n";
	}
	else
	{
	    print "-\n";
	}
    }
}

srand(time);

for(1..$split)
{
    pipe("R1$_","W1$_");
    pipe("R2$_","W2$_");

    if($pid=fork)
    {
	# paren
	push(@children, $pid);
	push(@rfiles,"R1$_");
	$write{"R1$_"}="W2$_";
	close("W1$_");
	close("R2$_");
    }
    else
    {
	# child
	close("R1$_");
	close("W2$_");

	select("W1$_");
	$|=1;
	$input="R2$_";
	select(undef,undef,undef,$_*$timeout/$split);
	pingloop;
    }
}

foreach $file (@rfiles)
{
    $handle[fileno($file)]=$file;
    push(@nos,fileno($file));
}

$bits=&fhbits(@rfiles);
$SIG{'INT'}=sub { done};

foreach $file (@rfiles)
{
    $addr=int(rand(256)).".".int(rand(256)).".".int(rand(256)).".".int(rand(256));
#    print "$addr\n";
    $old=select($write{$file});
    $|=1;
    print "$addr\n";
    select $old;

}

print "Ready:\n";

while(1)
{
    $nfound=select($rout=$bits,undef,undef, undef);

    if($nfound)
    {
	foreach $no (@nos)
	{
	    if(vec($rout,$no,1))
	    {
		$tries++;
		$file=$handle[$no];
		$result= <$file>;
		chomp $result;
#		print "($no->$result)";
		if($result=~ /\+/)
		{
		    $good++;
		    $ratio=$good/$tries;
		    $run=time-$start;
		    $pps=$tries/$run;
		    printf "$result ($good/$tries=%7.4f%%) ${run}s %.2fpings/s\n", $ratio*100, $pps;
		}

    $addr=int(rand(256)).".".int(rand(256)).".".int(rand(256)).".".int(rand(256));

		$old=select($write{$file});
		print "$addr\n";
		select $old;
		select(undef,undef,undef,$timeout/$split);
	    }
	}
    }
}









[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic