Smurfing

Craig A. Huegen chuegen at quadrunner.com
Sat Feb 14 07:18:42 UTC 1998


On Sat, 14 Feb 1998, William Allen Simpson wrote:

Forgot to address the second part of the post...

==>What pressure is being put on host vendors?

Well, I don't know that there is much.  Host vendors are saying this is a
network problem, and they're well within the RFC.  Personally, I think
broadcast pings are a great troubleshooting tool; but like any good tool,
someone's found a way to cause mass destruction with it.

==>Which host vendors are the problem?

How about I supply some information about the hosts I do know about:

IBM has provided a setting in AIX 4.x to disable responses to broadcast
addresses.  It is not available in AIX 3.x.  Use the "no" command to turn
it off or on.  NOTE: On AIX 4.x responses are DISABLED by default.
        no -o bcastping=0         # disable bcast ping responses (default)

Solaris can be set not to respond to ICMP echo requests.  Add the
following line to your /etc/rc2.d/S69inet startup:
        ndd -set /dev/ip ip_respond_to_echo_broadcast 0

Starting with version 2.2.5, FreeBSD's IP stack does not respond to icmp
echo requests destined to broadcast and multicast addresses by default.
The sysctl parameter for this functionality is net.inet.icmp.bmcastecho. 

Under NetBSD, directed broadcasts can be disabled by using the sysctl
command:
        sysctl -w net.inet.ip.directed-broadcast=0

Under Linux, one can use the CONFIG_IP_IGNORE_ECHO_REQUESTS variable to
completely ignore ICMP echo requests.  Of course, this violates RFC 1122.
"ipfw" can be used from Linux to block broadcast echoes, a la:

Any system with ipfw can be protected by adding rules such as:
        ipfwadm -I -a deny -P icmp -D 123.123.123.0 -S 0/0 0 8
        ipfwadm -I -a deny -P icmp -D 123.123.123.255 -S 0/0 0 8
(replace 123.123.123.0 and 123.123.123.255 with your base network number
and broadcast address, respectively)

/cah
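The two ipfwadm rules above, as an added Python model that is not code from the post: it derives the network and directed-broadcast address for any prefix (generalizing the /24 in the post) and classifies constructed sample packets the way the inbound deny rules would. It assumes the trailing "0 8" in each rule lists ICMP types 0 and 8 (echo reply and echo request), which is how ipfwadm reads the port field for -P icmp.

```python
import ipaddress
from dataclasses import dataclass

# ICMP types named by the "0 8" at the end of each ipfwadm rule:
# 0 = echo reply, 8 = echo request (assumed reading of the port field).
DENIED_ICMP_TYPES = {0, 8}


@dataclass(frozen=True)
class Packet:          # constructed sample record, not a real packet parser
    src: str
    dst: str
    proto: str         # "icmp", "tcp" or "udp"
    icmp_type: int = -1


def deny_targets(prefix: str) -> set[str]:
    """The two -D addresses of the rules: network address and directed-broadcast
    address of the given prefix (e.g. 123.123.123.0/24)."""
    net = ipaddress.ip_network(prefix, strict=True)
    return {str(net.network_address), str(net.broadcast_address)}


def matches_deny_rule(pkt: Packet, prefix: str) -> bool:
    """True when pkt would hit one of the deny rules: an ICMP echo request or
    echo reply whose destination is the network or broadcast address."""
    return (pkt.proto == "icmp"
            and pkt.icmp_type in DENIED_ICMP_TYPES
            and pkt.dst in deny_targets(prefix))


def filter_inbound(packets, prefix):
    """Split inbound traffic into (accepted, denied), as the -I chain would."""
    denied = [p for p in packets if matches_deny_rule(p, prefix)]
    accepted = [p for p in packets if not matches_deny_rule(p, prefix)]
    return accepted, denied


# Constructed sample traffic aimed at the prefix used in the post.
SAMPLE = [
    Packet("198.51.100.7", "123.123.123.255", "icmp", 8),  # echo to broadcast: deny
    Packet("198.51.100.7", "123.123.123.0",   "icmp", 8),  # echo to network addr: deny
    Packet("198.51.100.7", "123.123.123.42",  "icmp", 8),  # echo to one host: accept
    Packet("198.51.100.7", "123.123.123.255", "icmp", 3),  # unreachable: accept
    Packet("198.51.100.7", "123.123.123.255", "udp"),      # not ICMP: accept
]

if __name__ == "__main__":
    ok, dropped = filter_inbound(SAMPLE, "123.123.123.0/24")
    print(f"accepted {len(ok)}, denied {len(dropped)}")
```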