Subject: Re: broadcast ping response
To: Kentaro A. Kurahone <email@example.com>
From: David Maxwell <firstname.lastname@example.org>
Date: 01/23/2005 16:26:57
On Sun, 23 Jan 2005, Kentaro A. Kurahone wrote:
> On Sat, Jan 22, 2005 at 09:50:55PM -0500, Allen Briggs wrote:
> > What else?
> > Kurahone-san's patch seems pretty trivial, but I'm not sure how
> > real the need is...
> FWIW, CERT recommends disabling responding to broadcast ICMP packets when
> dealing with smurf attacks, and it looks like a lot of the other unixes
> provide a simple tunable, or disable response by default.
Personally, I'd prefer a smarter change. That is, don't respond to
broadcast ICMP packets, if the source IP (to which you'll respond) is
not on a local network.
This gives the same effect as recommendation #1, but on a host by host
So, you can still use local broadcasts for the reasons people have
already noted in this thread, but in combination with making change #1
to your router(s), you get a defense-in-depth, at the host level.
David Maxwell, email@example.com firstname.lastname@example.org --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering,
unthinking mass. This is the same reason why you probably don't tell your
boss about everything you read on BugTraq! - Signal 11