Subject: Re: broadcast ping response
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 01/24/2005 17:23:12
[ On Saturday, January 22, 2005 at 15:57:21 (-0800), John Nemeth wrote: ]
> Subject: broadcast ping response
>
>      Why is NetBSD 2.0 responding to broadcast ICMP ECHO REQUEST (ping)
> packets?  Is there any way to stop it.  Because this is a well known
> DOS most modern OSes don't respond, so I'm surprised that current
> versions of NetBSD do.

I would say that "well known DoS" w.r.t. broadcast ping is a bit of a
myth, or at least a misunderstanding at best.

A smurf attack cannot be triggered through any properly protected
network gateway -- i.e. I think you'd be much better off just blocking
all network-prefix-directed broadcast packets at your gateway than you
would be disabling what can otherwise be a very useful tool within a
LAN; and of course you should also block all spoofed packets from
leaving your LAN so that your users cannot initiate a smurf attack
either.  Presumably your LAN is sufficiently well engineered that one
station cannot do any worse to any other station through use of broadcast
ICMP than they could by directly transmitting traffic all on their own
(and if so then maybe you might want to consider subnetting :-).

Now on the other hand I do agree that broadcast pings can sometimes be
used for some levels of network reconnaissance (though I don't agree
that such techniques should be considered a high-risk threat -- such
security by obscurity doesn't rate as a very good defence in my books :-)

-- 
						Greg A. Woods

H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>
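As an added illustration of the gateway-side policy Greg describes (this is not code from the thread or from NetBSD): a small filter-decision model that drops network-prefix-directed broadcasts arriving from outside and drops spoofed sources in both directions, while leaving broadcast ICMP inside the LAN untouched. The LAN prefix 192.0.2.0/24, the sample packets and the function names are constructed assumptions.

```python
import ipaddress
from typing import Iterable

# Constructed assumption: the prefix(es) behind this gateway.
LAN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_directed_broadcast(dst: str, prefixes: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if dst is the broadcast address of a protected prefix, i.e. a
    network-prefix-directed broadcast (the amplifier target in a smurf attack)."""
    addr = ipaddress.ip_address(dst)
    return any(addr == p.broadcast_address for p in prefixes)


def gateway_verdict(direction: str, src: str, dst: str, prefixes=LAN_PREFIXES) -> str:
    """Return 'pass' or 'drop' for a packet crossing the gateway.

    direction: 'in' (outside -> LAN) or 'out' (LAN -> outside).
      in : drop directed/limited broadcasts, and drop packets that claim a
           LAN source (they can only legitimately originate inside);
      out: drop packets whose source is not a LAN address (egress
           anti-spoofing, so LAN users cannot seed a smurf attack elsewhere).
    Traffic between two LAN stations never crosses the gateway, so this
    leaves broadcast ping usable inside the LAN.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    inside_src = any(s in p for p in prefixes)
    if direction == "in":
        if d == LIMITED_BROADCAST or is_directed_broadcast(dst, prefixes):
            return "drop"
        return "drop" if inside_src else "pass"
    if direction == "out":
        return "pass" if inside_src else "drop"
    raise ValueError(f"unknown direction {direction!r}")


def filter_trace(packets):
    """Apply gateway_verdict to (direction, src, dst) tuples."""
    return [(dr, s, d, gateway_verdict(dr, s, d)) for dr, s, d in packets]


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real network.
    sample = [
        ("in", "198.51.100.7", "192.0.2.255"),     # directed broadcast: drop
        ("in", "198.51.100.7", "192.0.2.10"),      # ordinary inbound: pass
        ("in", "192.0.2.10", "192.0.2.20"),        # spoofed LAN source: drop
        ("out", "203.0.113.9", "198.51.100.255"),  # spoofed egress: drop
        ("out", "192.0.2.10", "198.51.100.7"),     # legitimate outbound: pass
    ]
    for row in filter_trace(sample):
        print(*row)
```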