Subject: Re: broadcast ping response
To: Kentaro A. Kurahone <>
From: David Maxwell <>
List: tech-net
Date: 01/23/2005 16:26:57
On Sun, 23 Jan 2005, Kentaro A. Kurahone wrote:
> On Sat, Jan 22, 2005 at 09:50:55PM -0500, Allen Briggs wrote:
> [snip]
> > What else?
> > 
> > Kurahone-san's patch seems pretty trivial, but I'm not sure how
> > real the need is...
> FWIW, CERT recomends disabling responding to broadcast ICMP packets when
> dealing with smurf attacks, and it looks like a lot of the other unixes 
> provide a simple tunable, or disable response by default.

Personally, I'd prefer a smarter change. That is, don't respond to
broadcast ICMP packets, if the source IP (to which you'll respond) is
not on a local network.

This gives the same effect as recommendation #1, but on a host by host

So, you can still use local broadcasts for the reasons people have
already noted in this thread, but in combination with making change #1
to your router(s), you get a defense-in-depth, at the host level.

David Maxwell,| --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11