Subject: Re: kern/4785: directed bcasts sysctl doesn't turn off icmp replies to bcast addr
To: None <gnats-bugs@NetBSD.ORG>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: netbsd-bugs
Date: 01/06/1998 01:41:30

Wolfgang Rupprecht notes that net.inet.ip.directed-broadcast=0 doesn't
disable replies to icmp-to-broadcast.

In short, it's not supposed to.

That sysctl enables/disables the forwarding of IP-directed broadcasts.
In other words, if your NetBSD machine is a router, and directed-broadcast
is 0, IP-directed broadcasts will not be forwarded.

The "smurf" CERT advisory actually says this, but not in a very clear
way...

NetBSD does not currently have a way to disable replies to icmp-to-broadcast.
Such a thing could be implemented, but enabling it would break things
such as router discovery.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                            Home: +1 408 866 1912
NAS: M/S 258-6                                       Work: +1 650 604 0935
Moffett Field, CA 94035                             Pager: +1 415 428 6939
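
Added example, not part of the original message and not NetBSD source: a simplified C model of the distinction drawn above, in which the directed-broadcast setting is consulted only on the forwarding path and never on local delivery. The names `classify`, `sample_ifs` and the verdict values are hypothetical, and the addresses are constructed documentation prefixes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; addresses are host-order IPv4. */
struct iface { uint32_t addr, mask; };
enum verdict { DELIVER_LOCAL, FORWARD, NOT_FORWARDED };

/* Constructed sample router: if0 = 192.0.2.1/24, if1 = 198.51.100.1/24 */
static const struct iface sample_ifs[2] = {
    { 0xC0000201u, 0xFFFFFF00u },
    { 0xC6336401u, 0xFFFFFF00u },
};

static uint32_t bcast_of(const struct iface *i)
{
    return (i->addr & i->mask) | ~i->mask;
}

/* rcvif: index of the receiving interface.
 * directed_bcast: stands in for net.inet.ip.directed-broadcast (0 or 1). */
enum verdict classify(uint32_t dst, size_t rcvif,
                      const struct iface *ifs, size_t n, int directed_bcast)
{
    size_t i;

    /* Limited broadcast or the receiving subnet's own broadcast address:
     * local delivery. The setting is not consulted, so an ICMP echo
     * request sent to this address is still answered. */
    if (dst == 0xFFFFFFFFu || dst == bcast_of(&ifs[rcvif]))
        return DELIVER_LOCAL;
    for (i = 0; i < n; i++)
        if (dst == ifs[i].addr)
            return DELIVER_LOCAL;

    /* Broadcast address of a different attached subnet: an IP-directed
     * broadcast. Only this forwarding decision looks at the setting. */
    for (i = 0; i < n; i++)
        if (i != rcvif && dst == bcast_of(&ifs[i]))
            return directed_bcast ? FORWARD : NOT_FORWARDED;

    return FORWARD; /* ordinary transit unicast */
}

int main(void)
{
    /* Echo to 192.0.2.255 arriving on if0, with the setting at 0 */
    printf("%d\n", classify(0xC00002FFu, 0, sample_ifs, 2, 0));
    return 0;
}
```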