Router modifications to deal with smurf

Kelly J. Cooper kcooper at
Mon Apr 27 20:12:33 UTC 1998

There is no noise, only signal.  There is no signal, only noise.

On Apr 26,  3:35pm, Craig A. Huegen wrote:
*On Sat, 25 Apr 1998, Rusty Zickefoose wrote:
*==>        We requests that your routers be configurable, at the interface
*==>level, to prevent the forwarding of an ICMP echo-request packet through an
*==>interface that has a broadcast or wire address that matches the
*==>destination address of that packet.  We also request that the default
*==>configurations of your routers be modified to prevent said forwarding.
*This is against RFC 1812.
*RFC 1812, "Requirements for IP Version 4 Routers", Section 5.3.5,
*   A router MAY have an option to disable receiving network-prefix-
*   directed broadcasts on an interface and MUST have an option to
*   disable forwarding network-prefix-directed broadcasts.  These options
*   MUST default to permit receiving and forwarding network-prefix-
*   directed broadcasts.

Yes, well, the fact that most vendors do NOT have a knob to turn this 
off is also against RFC 1812 (same paragraph, previous sentence) and 
that's a big part of the smurf problem.  

*Someone has stated before that editor(s) of said RFC are aware of this and
*have discussed the change in default.

No, jhawk said the editor(s) are "certainly aware" of the fact that 
the RFC could use some updating.  No one said that they actually are 
aware, nor whether anyone is making an effort to update the document.

If anyone originally associated with the document IS in fact working
to change RFC 1812, I'd really like to hear about it.  Privately or
publicly.  Please feel free to forward this note to the relevant 
parties if you know them.  I have a keen interest in the topic.  
Thank you.

*Note that I'm not arguing that it *should* be the default, I'm just
*arguing that vendors have implemented it this way because that's the way
*they were told to in the RFC.  If after reading
*, you think that I believe
*directed-broadcasts should be on by default, go back and read agian. =)

The point is that forwarding directed broadcasts should be off by 
default and that:

  1. RFC 1812 should be changed to reflect this and
  2. Vendors should modify their code to reflect this

Whether these two things happen in parallel or serial is relevant 
only inasmuch as the vendor doth protest that they one must come 
before the other.  They should both occur.

And if a vendor wants to argue that they are in keeping with RFC 1812 
by having the forwarding of directed broadcasts on by default BUT 
do not have a knob built in to turn it off, then that looks a bit 
hypocritical and they open themselves up to all sorts of taunting.

*Now, since this has been beaten past the jelly stage, can we please put
*the topic to sleep?  Thank you. 

I seriously doubt that this topic is going to die until Smurf attacks
get quite a bit smaller or go out of vogue.

Just to be clear, Rusty asked whether requesting that the various 
vendors in the world create a knob to turn off the forwarding of 
directed broadcasts combined with requesting that it is configured 
off as a default setting would meet with approval by most of the 
readers of NANOG, not whether it was feasible or in keeping with 
the RFC.  

It is a known thing that this type of request doesn't meet the 
criteria of the RFC and lots of different folks are hoping that the
RFC will change.  I'm wondering whether there's any duplication of 
effort to that end (or any effort at all) going on.

Kelly J.

Kelly J. Cooper     -     Internet Security Officer
GTE Internetworking - Powered by BBN - 800-632-7638 
150 Cambridge Park Drive         Fax - 617-873-5508
Cambridge, MA  02140   

More information about the NANOG mailing list