Date: Wed, 27 May 1998 11:48:19 +0400 (MSD) From: bag@sinbin.demos.su (Alex G. Bulushev) To: andrew@squiz.co.nz (Andrew McNaughton) Cc: sysadmin@mfn.org, freebsd-security@FreeBSD.ORG Subject: Re: Possible DoS opportunity via ping implementation error? Message-ID: <199805270748.LAA23285@sinbin.demos.su> In-Reply-To: <v02120d01b191523ade7a@[192.168.1.2]> from "Andrew McNaughton" at "May 27, 98 05:37:46 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> At 3:05 PM 27/5/98, J.A. Terranson wrote: > >I had a very interesting day today! I found out that FBSD (2.2.5R) > >machines will > >always respond to a broadcasted echo request. For example: > > This contradicts the CERT Advisory below which states that FreeBSD does not > have the problem. > > Either the CERT report is wrong, a problem has been introduced since, or > it's specific to the way you've set up your boxes. CERT report is wrong i check -current (Apr 23) and found that it respond to broadcast ping, default net.inet.icmp.bmcastecho=1, but it alsow respond to broadcast after sysctl -w net.inet.icmp.bmcastecho=0 the good news is that in both case it not respond from aliases :) Alex. > > I'd like to know which. > > > > > > >============================================================================= > >CERT* Advisory CA-98.01.smurf > >Original issue date: Jan. 05, 1998 > >Last revised: -- > > > >Topic: "smurf" IP Denial-of-Service Attacks > >- ----------------------------------------------------------------------------- > > > >This advisory is intended primarily for network administrators responsible for > >router configuration and maintenance. > > > >The attack described in this advisory is different from the denial-of-service > >attacks described in CERT advisory CA-97.28. > > > >The CERT Coordination Center has received reports from network service > >providers (NSPs), Internet service providers (ISPs), and other sites of > >continuing denial-of-service attacks involving forged ICMP echo request > >packets (commonly known as "ping" packets) sent to IP broadcast > >addresses. These attacks can result in large amounts of ICMP echo reply > >packets being sent from an intermediary site to a victim, which can cause > >network congestion or outages. These attacks have been referred to as "smurf" > >attacks because the name of one of the exploit programs attackers use to > >execute this attack is called "smurf." > > > >FreeBSD, Inc. > >============= > >In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to icmp > >echo requests destined to broadcast and multicast addresses by default. This > >behaviour can be changed via the sysctl command via > >mib net.inet.icmp.bmcastecho. > > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Andrew McNaughton = > ++64 4 389 6891 Any sufficiently advanced = > andrew@squiz.co.nz bug is indistinguishable = > http://www.newsroom.co from a feature. = > -- Rich Kulawiec = > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805270748.LAA23285>