[Nagiosplug-devel] Antwort: Re: Feature request: extend check_ping to specify source address
Andreas Ericsson
ae at op5.se
Fri Jul 18 13:58:00 CEST 2008
Sascha.Runschke at gfkl.com wrote:
> nagiosplug-devel-bounces at lists.sourceforge.net schrieb am 18.07.2008
> 09:23:03:
>
>> It isn't, and I fail to see how that could work at all.
>>
>> check_icmp and ping alike mark their packets with pid, sequence-number,
>> host-id (decided internally) etc, etc. Modifying the ip->src_addr field
>> would cause the targeted host to send its ICMP_ECHO_REPLY packets to a
>> different host, so check_icmp (or ping) wouldn't be able to pick them
>> up at a later time.
>
> It will work, if the local machine has 2 IP adresses and advanced source
> policy routing is active on the gateway (or the local machine already).
> The use of course is fairly small, since such setups are very rarely seen,
> but obviously we found someone who does it that way ;)
>
Ah, ofcourse. I'm guessing the easy way is to simply bind(2) the socket
to the address specified by -s and then send the packet in the normal
fashion. As an added bonus, that would also provide typo-checking in
the argument parsing, since it would then be impossible to specify a
source-address that the local machine knows nothing about. In a handy
way, this would also prevent script-kiddies from launching dos attacks
using check_icmp (without modifying the source, ofcourse).
I shall have to sync with upstream and see how it was done.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
More information about the Devel
mailing list