Date:      Wed, 27 May 1998 17:37:46 +1200
From:      andrew@squiz.co.nz (Andrew McNaughton)
To:        "J.A. Terranson" <sysadmin@mfn.org>, "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG>
Subject:   Re: Possible DoS opportunity via ping implementation error?
Message-ID:  <v02120d01b191523ade7a@[192.168.1.2]>

At 3:05 PM 27/5/98, J.A. Terranson wrote:
>I had a very interesting day today!  I found out that FBSD (2.2.5R)
>machines will always respond to a broadcasted echo request.  For example:

This contradicts the CERT Advisory below which states that FreeBSD does not
have the problem.

Either the CERT report is wrong, a problem has been introduced since, or
it's specific to the way you've set up your boxes.

I'd like to know which.





>=============================================================================
>CERT* Advisory CA-98.01.smurf
>Original issue date: Jan. 05, 1998
>Last revised: --
>
>Topic: "smurf" IP Denial-of-Service Attacks
>- -----------------------------------------------------------------------------
>
>This advisory is intended primarily for network administrators responsible for
>router configuration and maintenance.
>
>The attack described in this advisory is different from the denial-of-service
>attacks described in CERT advisory CA-97.28.
>
>The CERT Coordination Center has received reports from network service
>providers (NSPs), Internet service providers (ISPs), and other sites of
>continuing denial-of-service attacks involving forged ICMP echo request
>packets (commonly known as "ping" packets) sent to IP broadcast
>addresses. These attacks can result in large amounts of ICMP echo reply
>packets being sent from an intermediary site to a victim, which can cause
>network congestion or outages. These attacks have been referred to as "smurf"
>attacks because the name of one of the exploit programs attackers use to
>execute this attack is called "smurf."


>FreeBSD, Inc.
>=============
>In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to icmp
>echo requests destined to broadcast and multicast addresses by default. This
>behaviour can be changed via the sysctl command via
>mib net.inet.icmp.bmcastecho.
>

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Andrew McNaughton                                          =
 ++64 4 389 6891                Any sufficiently advanced  =
  andrew@squiz.co.nz             bug is indistinguishable  =
    http://www.newsroom.co         from a feature.         =
                                       -- Rich Kulawiec    =
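
One way to settle which of the three possibilities applies on a given box is to read the `net.inet.icmp.bmcastecho` MIB named in the quoted vendor statement. The script below is an added example, not part of the original message or of FreeBSD; it assumes `sysctl` prints `name: value`, that 0 is the reply-suppressed default and any other number enables replies, and the host names and sample outputs are constructed.

```shell
#!/bin/sh
# Added example: classify the broadcast-echo setting from `sysctl` output.

# bmcastecho_state: read sysctl output on stdin and print one of
#   disabled | enabled | missing | invalid
bmcastecho_state() {
    awk '
        # Accept both "name: value" and "name = value" separators.
        /^net\.inet\.icmp\.bmcastecho[ \t]*[:=]/ {
            sub(/^[^:=]*[:=][ \t]*/, "")   # drop the name and separator
            sub(/[ \t\r]+$/, "")           # drop trailing whitespace
            seen = 1
            if ($0 == "0")            state = "disabled"
            else if ($0 ~ /^[0-9]+$/) state = "enabled"
            else                      state = "invalid"
        }
        END { print (seen ? state : "missing") }
    '
}

# audit_host NAME: report on one host given its sysctl output on stdin.
# Returns 0 only when broadcast/multicast echo replies are confirmed off.
audit_host() {
    host=$1
    state=$(bmcastecho_state)
    case $state in
        disabled) echo "$host OK: broadcast echo replies are off" ;;
        enabled)  echo "$host WARN: answers broadcast/multicast echo requests" ;;
        *)        echo "$host UNKNOWN ($state): verify manually" ;;
    esac
    [ "$state" = disabled ]
}

# Constructed sample outputs for two hypothetical hosts.
printf 'net.inet.icmp.bmcastecho: 0\n' | audit_host gw1 || true
printf 'net.inet.icmp.bmcastecho: 1\n' | audit_host fs2 || true

# On a live FreeBSD host (assumed usage):
#   sysctl net.inet.icmp.bmcastecho | audit_host "$(hostname)"
```

A host reported as `missing` never printed the MIB at all, so it needs a manual check rather than being counted as safe.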



