From owner-freebsd-security Wed Jun 23 8:22:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id 25314152E3 for ; Wed, 23 Jun 1999 08:22:27 -0700 (PDT) (envelope-from nick@rapidnet.com)
Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id JAA21786; Wed, 23 Jun 1999 09:22:23 -0600 (MDT)
Date: Wed, 23 Jun 1999 09:22:23 -0600 (MDT)
From: Nick Rogness
To: "N.N.M"
Cc: petef@netreach.net, security@freebsd.org
Subject: Re: Question: Preventing Smurf
In-Reply-To: <19990623065111.95383.qmail@hotmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 22 Jun 1999, N.N.M wrote:

> Not just pingable, it's better to say: I can be a smurf relay if my hosts
> are broadcast-pingable. Agree? Am I right?

yes.

> Nazila M.
>
> > From: Pete Fritchman
> > To: Nick Rogness
> > CC: security@freebsd.org
> > Subject: Re: Question: Preventing Smurf
> > Date: Tue, 22 Jun 1999 13:10:31 -0400 (EDT)
> >
> > so let me get this straight...
> >
> > if your gateway is ping'able you *CAN* be a smurf relay?
> >
> > ---------------------------------------------
> > Pete Fritchman          petef@netreach.net
> > Netreach                www.netreach.net
> > System Administrator
> >
> > On Tue, 22 Jun 1999, Nick Rogness wrote:
> >
> > > On Tue, 22 Jun 1999, N.N.M wrote:
> > >
> > > > Thanks for your reply. That is the point: I disable
> > > > net.inet.icmp.bmcastecho (=0) on a freebsd box with the IP, i.e.
> > > > x.x.11.18. But when I use broadcast ping (ping x.x.11.255) on another
> > > > pc (i.e. x.x.11.17) on the same Ethernet, the first machine, which is
> > > > not supposed to reply to the ping, will reply! So I thought I might
> > > > need another thing to disable that, or maybe using broadcast ping on
> > > > the same Ethernet isn't a good way to test it or ...... Any idea?
> > >
> > > # Deny icmp packets from hitting broadcast
> > > ipfw add 3000 deny log icmp from any to x.x.11.255/32 in via de0
> > >
> > > > Nazila M.
> > > >
> > > > > From: mwlucas@exceptionet.com
> > > > > To: madrapour@hotmail.com (N.N.M)
> > > > > CC: freebsd-security@FreeBSD.ORG
> > > > > Subject: Re: Question: Preventing Smurf
> > > > > Date: Tue, 22 Jun 1999 07:06:52 -0400 (EDT)
> > > > >
> > > > > To test if it works, ping your subnet's broadcast address (i.e.,
> > > > > a.b.c.255). If you're not sure of the broadcast, an ifconfig -a will
> > > > > give it to you.
> > > > >
> > > > > The machine won't respond to a broadcast ping. This will prevent you
> > > > > from being a smurf relay.
> > > > >
> > > > > A more effective method would be to block broadcast pings at the
> > > > > router to your network. Check your router's documentation or mfg. web
> > > > > site for exact instructions.
> > > > >
> > > > > Regards,
> > > > > ==ml
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Is it enough to do "sysctl -w net.inet.icmp.bmcastecho=0" to
> > > > > > prevent being a Smurf Intermediary? And if so, how can I check it
> > > > > > to be sure it is ok? I did the above change, but my freebsd box
> > > > > > still responds to pings (from a pc on the same Ethernet) to the
> > > > > > broadcast address. Is it normal?
> > > > > >
> > > > > > thanks,
> > > > > > Nazila M.
> > > > >
> > > > > --
> > > > > Michael Lucas            |
> > > > > Exceptionet, Inc.        | www.exceptionet.com
> > > > > "Exceptional Networking" |

*******************************************************************
Nick Rogness            "Never settle with words what
System Administrator     can be accomplished with a
RapidNet, INC            flame-thrower"
nick@rapidnet.com
*******************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
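The ipfw rule 3000 in the thread uses "log", so every echo request it drops at the broadcast address ends up in the firewall log. Added example (not from the thread or from FreeBSD): a Python script that derives the subnet's broadcast address the way ifconfig -a reports it, then counts broadcast-directed echo requests per source in constructed ipfw log lines and separates on-subnet sources (a local test like Nazila's) from off-subnet ones (the spoofed victim addresses a smurf relay would amplify toward). The log line layout follows ipfw's logging convention as I remember it and is an assumption; all addresses are made up.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of ipfw log lines, in the layout an ipfw rule with the
# "log" option writes (assumed format; addresses are documentation ranges).
SAMPLE_LOG = """\
Jun 23 09:22:23 gw /kernel: ipfw: 3000 Deny ICMP:8.0 192.0.2.17 192.0.2.255 in via de0
Jun 23 09:22:24 gw /kernel: ipfw: 3000 Deny ICMP:8.0 192.0.2.17 192.0.2.255 in via de0
Jun 23 09:22:24 gw /kernel: ipfw: 3000 Deny ICMP:8.0 198.51.100.9 192.0.2.255 in via de0
Jun 23 09:22:25 gw /kernel: ipfw: 100 Accept ICMP:8.0 192.0.2.17 192.0.2.18 in via de0
Jun 23 09:22:26 gw /kernel: ipfw: 3000 Deny ICMP:0.0 192.0.2.18 192.0.2.255 in via de0
"""

# rule, action, ICMP type.code, source, destination, direction, interface
IPFW_ICMP = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<dir>in|out) via (?P<iface>\S+)"
)

def broadcast_address(ip, netmask):
    """Directed-broadcast address of the host's subnet, the value ifconfig -a
    shows as 'broadcast' (x.x.11.18 with 255.255.255.0 -> x.x.11.255)."""
    net = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    return str(net.broadcast_address)

def broadcast_echo_requests(log_text, bcast):
    """Count ICMP echo requests (type 8) per source aimed at the broadcast
    address; echo replies and unicast pings are ignored."""
    hits = Counter()
    for line in log_text.splitlines():
        m = IPFW_ICMP.search(line)
        if m and m["dst"] == bcast and m["type"] == "8":
            hits[m["src"]] += 1
    return hits

def classify(hits, local_net):
    """Split offenders into on-subnet sources (likely a local test) and
    off-subnet sources (spoofed victims: the real smurf pattern)."""
    net = ipaddress.IPv4Network(local_net)
    local = {s: n for s, n in hits.items() if ipaddress.IPv4Address(s) in net}
    remote = {s: n for s, n in hits.items() if s not in local}
    return local, remote

if __name__ == "__main__":
    bcast = broadcast_address("192.0.2.18", "255.255.255.0")
    local, remote = classify(broadcast_echo_requests(SAMPLE_LOG, bcast), "192.0.2.0/24")
    print("broadcast:", bcast)
    print("on-subnet sources:", local)
    print("off-subnet sources (possible smurf victims):", remote)
```

Off-subnet sources hitting the broadcast address from the outside interface are the ones worth alerting on; with bmcastecho=0 and the ipfw rule in place they get no amplified replies, but the log still shows who is probing.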