[Nagiosplug-devel] Antwort: Re: Feature request: extend check_ping to specify source address

Andreas Ericsson ae at op5.se
Fri Jul 18 13:58:00 CEST 2008


Sascha.Runschke at gfkl.com wrote:
> nagiosplug-devel-bounces at lists.sourceforge.net schrieb am 18.07.2008 
> 09:23:03:
> 
>> It isn't, and I fail to see how that could work at all.
>>
>> check_icmp and ping alike mark their packets with pid, sequence-number,
>> host-id (decided internally) etc, etc. Modifying the ip->src_addr field
>> would cause the targeted host to send its ICMP_ECHO_REPLY packets to a
>> different host, so check_icmp (or ping) wouldn't be able to pick them
>> up at a later time.
> 
> It will work, if the local machine has 2 IP adresses and advanced source
> policy routing is active on the gateway (or the local machine already).
> The use of course is fairly small, since such setups are very rarely seen,
> but obviously we found someone who does it that way ;)
> 

Ah, ofcourse. I'm guessing the easy way is to simply bind(2) the socket
to the address specified by -s and then send the packet in the normal
fashion. As an added bonus, that would also provide typo-checking in
the argument parsing, since it would then be impossible to specify a
source-address that the local machine knows nothing about. In a handy
way, this would also prevent script-kiddies from launching dos attacks
using check_icmp (without modifying the source, ofcourse).

I shall have to sync with upstream and see how it was done.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231




More information about the Devel mailing list