Find the Flaw

[iago]

There's more to this story, but here's a situation.  Can you tell what they did wrong?

I want to implement a ping-type application, but I'm going to write my own protocol.  It is going to go over UDP, obviously, because you can't really ping with TCP, and II want it to be really simple, so here's what I do:
Client -> Server: 0x01
Server -> Client: 0x01

When I send the server a single byte, "1", it responds with the same byte, "1". 

There is an attack that can cripple a system like this.  Can anybody see it? (if you've heard about this, shh)

[Blaze]

[rot13]
Cvatvat lbhefrys?
[/rot13]
http://www.rot13.com/index.php

[iago]

[rot13]
Cvatvat lbhefrys?
[/rot13]
http://www.rot13.com/index.php

True, but that's not the main problem. 

[igimo1]

...Have it send it to itself?

[iago]

...Have it send it to itself?

Explain?

[Newby]

...Have it send it to itself?

Explain?

Spoof the source IP as the destination IP!

[Sidoh]

Spoof the source IP as the destination IP!

Oh, I see.  Then it's caught in an infinite loop sending it to itself!  Ha!  That's funny.  Well, couldn't you just make sure the IP isn't yours and isn't localhost?

[iago]

Spoof the source IP as the destination IP!

Oh, I see.  Then it's caught in an infinite loop sending it to itself!  Ha!  That's funny.  Well, couldn't you just make sure the IP isn't yours and isn't localhost?

Then have it spoof the ip of another server running that software.  They DoS each other!

And by the way, Microsoft's SQL Server 2000 did exactly that.  It was discovered in 2001, I believe, and is a really, really nasty Denial of Service :)

[Sidoh]

Then have it spoof the ip of another server running that software.  They DoS each other!

And by the way, Microsoft's SQL Server 2000 did exactly that.  It was discovered in 2001, I believe, and is a really, really nasty Denial of Service :)

That is nasty.