On 2020/12/15 16:33, Theo de Raadt wrote: > Jan Klemkow <j.klem...@wemelug.de> wrote: > > > On Tue, Dec 15, 2020 at 03:43:38PM -0700, Theo de Raadt wrote: > > > Jan Klemkow <j.klem...@wemelug.de> wrote: > > > > > > > for frequent performance test it would be nice to just start tcpbench > > > > as a regular service. tcpbench gets an extra user and group with this > > > > diff and is already pledged to "stdio". Thus, there should be no > > > > security risk to do this even in hostile environments. > > > > > > You're kidding me. If someone starts this in a hostile environment, their > > > network/host will be flattened. > > > > You are right, someone can use this, to flood a link. But, you can > > flood someones link with traffic anyway, as botnets do it, or? > > It is not the same at all, because tcpbench will attempt to flow maximum > traffic in both directions. No other service has that behaviour. >
-s just throws the packets away, it does not transmit