Date:      Sat, 30 May 1998 09:31:46 -0300 (ARST)
From:      "Fernando P. Schapachnik" <fpscha@localhost.schapachnik.com.ar>
To:        dg@root.com
Cc:        andrew@squiz.co.nz, sysadmin@mfn.org, freebsd-security@FreeBSD.ORG
Subject:   Re: Possible DoS opportunity via ping implementation error?
Message-ID:  <199805301231.JAA00209@localhost.schapachnik.com.ar>
In-Reply-To: <199805272358.QAA10311@implode.root.com> from David Greenman at "May 27, 98 04:58:31 pm"

In a previous message David Greenman wrote:
> >
> >I'd like to know which.
> ...
> >>FreeBSD, Inc.
> >>=============
> >>In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to icmp
> >>echo requests destined to broadcast and multicast addresses by default. This
> >>behaviour can be changed via the sysctl command via
> >>mib net.inet.icmp.bmcastecho.
> 
>    The CERT advisory is wrong. FreeBSD has always responded to broadcast ICMP 
> echo requests by default. Further, the option mentioned to disable them was
> broken in 2.2.x and -current until just yesterday.

Anyway, as a piece of advice, the best thing you can do is to configure 
your router interfaces to disallow broadcasts. This is done via the 'no ip 
directed broadcast' command on the serial interfaces, on CISCO routers.
Of course, this is not a final solution, but is very practical if you can 
"trust" your LAN, as is mostly the case.

Regards!




Fernando P. Schapachnik
fpscha@schapachnik.com.ar


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
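
Added example, not part of the original message: a small Python audit of the router-side setting recommended above, checking every interface rather than only the serial ones. It assumes IOS-style configuration text in which the command is written `no ip directed-broadcast`; the sample configuration, the function names and the `default_enabled` parameter (what the device does when an interface carries no explicit setting) are constructed for illustration.

```python
import re

# Constructed IOS-style sample configuration (not from the original message).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
interface Serial0
 ip address 198.51.100.1 255.255.255.252
 no ip directed-broadcast
!
interface Serial1
 ip address 198.51.100.5 255.255.255.252
 ip directed-broadcast
!
interface Serial2
 shutdown
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-command lines."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or another top-level line ends the stanza
    return interfaces

def forwards_directed_broadcast(lines, default_enabled):
    """Last explicit setting wins; otherwise use the assumed device default."""
    state = default_enabled
    for line in lines:
        if line.startswith("ip directed-broadcast"):
            state = True
        elif line == "no ip directed-broadcast":
            state = False
    return state

def audit(config, default_enabled=True):
    """Names of active interfaces that still forward directed broadcasts."""
    return [name for name, lines in parse_interfaces(config).items()
            if "shutdown" not in lines
            and forwards_directed_broadcast(lines, default_enabled)]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Pass `default_enabled=False` when auditing a device whose default is already to drop directed broadcasts, so that only interfaces with an explicit `ip directed-broadcast` line are reported.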


