Date:      Fri, 29 May 1998 00:14:44 +1000 (EST)
From:      Tony Alexander Frank <s9507886@tuan.cse.rmit.EDU.AU>
To:        andrew@squiz.co.nz
Cc:        sysadmin@mfn.org, freebsd-security@FreeBSD.ORG
Subject:   Re: Possible DoS opportunity via ping implementation error?
Message-ID:  <199805281414.AAA08628@dropbear.cse.rmit.EDU.AU>
In-Reply-To: <v02120d01b191523ade7a@[192.168.1.2]> (andrew@squiz.co.nz)

Hi,

>   >I had a very interesting day today!  I found out that FBSD (2.2.5R)
>   >machines will always respond to a broadcasted echo request.  For example:
>   This contradicts the CERT Advisory below which states that FreeBSD does not
>   have the problem.
>
>   Either the CERT report is wrong, a problem has been introduced since, or
>   it's specific to the way you've set up your boxes.
>
>   I'd like to know which.

Well, this occurs on my 2.2.5-RELEASE and 2.2.6-RELEASE machines here.  

Nothing fancy done to either box, the install was straight off the Walnut Creek
2.2.5 disc set, and the 2.2.6 was done over the net.

Both have default values with regard to TCP/IP and just about everything else.

As such, I would tend to suggest that while the CERT report might be accurate,
by default this 'feature' is enabled...

> >FreeBSD, Inc.
> >=============
> >In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to icmp
> >echo requests destined to broadcast and multicast addresses by default. This
> >behaviour can be changed via the sysctl command via
> >mib net.inet.icmp.bmcastecho.

ivanova$ sysctl net.inet.icmp.bmcastecho
net.inet.icmp.bmcastecho: 1
ivanova$ uname -r
2.2.5-RELEASE
ivanova$


Hope it helps?

Regards,

Tony Frank

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
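
Added example, not part of the original message: a shell script that classifies collected `sysctl net.inet.icmp.bmcastecho` output in the format shown in the session above and lists the hosts whose stack would answer broadcast or multicast echo requests. The function names, the `host output` input layout, and the sample lines for hostb and hostc are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original e-mail).
# Audits captured "sysctl net.inet.icmp.bmcastecho" output per host.

# Classify one line of sysctl output, e.g. "net.inet.icmp.bmcastecho: 1".
# Prints: enabled | disabled | unknown
bmcastecho_state() {
    case "$1" in
        net.inet.icmp.bmcastecho:*) ;;
        *) echo unknown; return 0 ;;
    esac
    # Keep what follows the colon and drop surrounding whitespace.
    val=$(printf '%s' "${1##*:}" | tr -d '[:space:]')
    case "$val" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Read "<host> <sysctl output>" lines on stdin (assumed collection format).
# Hosts that answer broadcast/multicast echo go to stdout; lines that
# cannot be parsed are reported on stderr so they are not silently passed.
list_responders() {
    while read -r host line; do
        [ -n "$host" ] || continue
        state=$(bmcastecho_state "$line")
        case "$state" in
            enabled) printf '%s\n' "$host" ;;
            unknown) printf '%s: could not parse "%s"\n' "$host" "$line" >&2 ;;
        esac
    done
}

# Constructed sample: the first line mirrors the session in the message,
# the other two are invented to exercise the remaining branches.
SAMPLE='ivanova net.inet.icmp.bmcastecho: 1
hostb net.inet.icmp.bmcastecho: 0
hostc (no output captured)'

printf '%s\n' "$SAMPLE" | list_responders

# On a host reported above, the reply can be switched off with
#   sysctl -w net.inet.icmp.bmcastecho=0
# (-w is the write flag of 2.2-era sysctl(8); check the man page on
# other releases).
```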
