ssh-keyscan is a program which connects to as many as possible machines
via TCP in parallel, using O_NDELAY. It then uses select() to wait for
something to happen on one of the descriptors. When it's read enough,
it closes the connections again, and recycles the fds. The program is
available from ftp://ftp.cs.hut.fi/pub/ssh/contrib/, if anybody wants
to sink their own machine :-)
I used this to scan our whole university for hosts running ssh, to
get their public keys, a total of 6862 IP addresses. Of course,
very many of these hosts were down, many didn't reply, and some
actually answered.
While the program was running, I got a total of 103 messages of
the sort "arp_expire_request: deadbeef postponed" (where deadbeef
corresponds to a valid IP address), 165 messages which looked
like "rt_cache: route to deadbeef was born dead", 117 messages
"ICMP: 123.123.123.123:1536:protocol unreachable" (whatever that
means), and quite a number of ICMP redirects. The results of
the program appeared to be ok.
I then looked at the arp tables, with "cat /proc/net/arp". Not
very surprising, these were very long; output appeared to be
sluggish. Afterwards, the machine froze up completely; keyboard
and ping from outside didn't work any more. I had to press reset.
The time between running ssh-keyscan and the lockup was on the
order of a few minutes, at most.
Machine is a P90 PCI, with a 3c503 networking card, which is otherwise
quite stable.
-- Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet. The joy of engineering is to find a straight line on a double logarithmic diagram.