John Zimmerman added the comment:
Hi Antoine,
The issue is that the CPU spikes to ~90% utilization for the server during the
attack, for as long as the attack lasts. So the theory is that Python isn't
throttling or processing the malformed packets properly. Copying Renier for
John Zimmerman added the comment:
Thanks for your quick response, I downloaded the ISIC tool and used the
following command to identify the problem:
udpsic -s rand -d server-ip-address,port
where port is 514 (syslogd) which uses a python script to process the incoming
messages.
The command
New submission from John Zimmerman :
Python's socket module as included in Ubuntu Lucid (python version 2.6.5) does
not correctly handle and exclude malformed UDP packets. This means that UDP
listening programs written in python on this version are susceptible to
malformed-UDP-packet
