Subject: Re: broadcast ping response
To: John Nemeth <>
From: Allen Briggs <>
List: tech-net
Date: 01/22/2005 20:04:32
On Sat, Jan 22, 2005 at 04:42:29PM -0800, John Nemeth wrote:
>      It is a traffic amplification attack.  Picture a network with 50+
> machines, which respond to broadcast packets.  You send one ping packet
> to the broadcast address and get 50 back.

Sure.  I hadn't heard that OSes were turning off response to
broadcast pings, though.  I find broadcast pings useful diagnostic
tools on my network.

When I was running a border router, I made sure that the router
didn't forward any broadcast traffic in or out of the network.  I
thought that was pretty standard.  Is it not?
Can't you configure ipf or ipfilter to dump these on the floor?

That said, I wouldn't have a problem with having a tunable knob to
easily disable responses to broadcast pings (I think it should
default to traditional behavior).  I don't think anyone's proposed
it or shown any code, though.


                  Use NetBSD!