Date: Wed, 27 May 1998 17:37:46 +1200 From: andrew@squiz.co.nz (Andrew McNaughton) To: "J.A. Terranson" <sysadmin@mfn.org>, "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG> Subject: Re: Possible DoS opportunity via ping implementation error? Message-ID: <v02120d01b191523ade7a@[192.168.1.2]>
next in thread | raw e-mail | index | archive | help
At 3:05 PM 27/5/98, J.A. Terranson wrote: >I had a very interesting day today! I found out that FBSD (2.2.5R) >machines will >always respond to a broadcasted echo request. For example: This contradicts the CERT Advisory below which states that FreeBSD does not have the problem. Either the CERT report is wrong, a problem has been introduced since, or it's specific to the way you've set up your boxes. I'd like to know which. >============================================================================= >CERT* Advisory CA-98.01.smurf >Original issue date: Jan. 05, 1998 >Last revised: -- > >Topic: "smurf" IP Denial-of-Service Attacks >- ----------------------------------------------------------------------------- > >This advisory is intended primarily for network administrators responsible for >router configuration and maintenance. > >The attack described in this advisory is different from the denial-of-service >attacks described in CERT advisory CA-97.28. > >The CERT Coordination Center has received reports from network service >providers (NSPs), Internet service providers (ISPs), and other sites of >continuing denial-of-service attacks involving forged ICMP echo request >packets (commonly known as "ping" packets) sent to IP broadcast >addresses. These attacks can result in large amounts of ICMP echo reply >packets being sent from an intermediary site to a victim, which can cause >network congestion or outages. These attacks have been referred to as "smurf" >attacks because the name of one of the exploit programs attackers use to >execute this attack is called "smurf." >FreeBSD, Inc. >============= >In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to icmp >echo requests destined to broadcast and multicast addresses by default. This >behaviour can be changed via the sysctl command via >mib net.inet.icmp.bmcastecho. > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Andrew McNaughton = ++64 4 389 6891 Any sufficiently advanced = andrew@squiz.co.nz bug is indistinguishable = http://www.newsroom.co from a feature. = -- Rich Kulawiec = To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v02120d01b191523ade7a>