On Sat, Jan 22, 2005 at 04:42:29PM -0800, John Nemeth wrote:
>      It is a traffic amplification attack.  Picture a network with 50+
> machines, which respond to broadcast packets.  You send one ping packet
> to the broadcast address and get 50 back.

Sure.  I hadn't heard that OSes were turning off response to
broadcast pings, though.  I find broadcast pings useful diagnostic
tools on my network.

When I was running a border router, I made sure that the router
didn't forward any broadcast traffic in or out of the network.  I
thought that was pretty standard.  Is it not?
Can't you configure ipf or ipfilter to dump these on the floor?

That said, I wouldn't have a problem with having a tunable knob to
easily disable responses to broadcast pings (I think it should
default to traditional behavior).  I don't think anyone's proposed
it or shown any code, though.

-allen

-- 
                  Use NetBSD!  http://www.netbsd.org/