Date: Wed, 27 May 1998 14:55:55 -0400 (EDT) From: Mike <mike@seidata.com> To: "J.A. Terranson" <sysadmin@mfn.org> Cc: "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG> Subject: Re: Possible DoS opportunity via ping implementation error? Message-ID: <Pine.BSF.3.96.980527143647.6852B-100000@ns1.seidata.com> In-Reply-To: <01BD88F2.6DDD3A40@w3svcs.mfn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 26 May 1998, J.A. Terranson wrote: > I found out that FBSD (2.2.5R) machines will always respond to a > broadcasted echo request. For example: Hmm... Before the advisory and numerous posts here, I thought this was common knowledge. Guess not... My ingorance is probably due to the fact that I have *very* general knowledge on how a SMURF attack actually works (i.e. DoS through massive broadcast replies), but I'm not sure of any details. > W2>ping 10.1.1.255 > PING 10.1.1.255 (10.1.1.255): 56 data bytes > 64 bytes from 10.1.1.20: icmp_seq=1 ttl=255 time=4.746 ms > 64 bytes from 10.1.1.23: icmp_seq=1 ttl=255 time=45.864 ms (DUP!) > lots of these dups... This same type of behavior is exhibited on 2.2.5-R, 2.2.6-R and 3.0-CURRENT boxes here when pinging any boradcast. Although I never knew it was a 'problem' perse, at least now I know how to fix it (manually for release boxes or with a new cvsup for current)... thanks mostly to the efforts of FreeBSD users (warm, fuzzy feeling ensues). Thanks guys. :) --- Mike Hoskins Email: mike@seidata.com SEI Data Network Services, Inc. WWW: http://www.seidata.com P.O. Box 7, 14005 U.S. 50 (BLD2) Voice: 800.925.6746 ex. 251 Dillsboro, IN 47018 Fax: 812.744.8000 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980527143647.6852B-100000>