Date:      Wed, 16 Apr 2003 11:33:31 -0700 (PDT)
From:      Jamie Bowden <ragnar@sysabend.org>
To:        Larry Rosenman <ler@lerctr.org>
Cc:        John Polstra <jdp@polstra.com>
Subject:   Re: "broadcast ping" message
Message-ID:  <20030416113247.P46401-100000@moo.sysabend.org>
In-Reply-To: <290420000.1050516098@lerlaptop.iadfw.net>

On Wed, 16 Apr 2003, Larry Rosenman wrote:

> --On Wednesday, April 16, 2003 10:58:20 -0700 John Polstra
> <jdp@polstra.com> wrote:
>
> > In article <20030416105033.H46401-100000@moo.sysabend.org>,
> > Jamie Bowden  <ragnar@sysabend.org> wrote:
> >> On Wed, 16 Apr 2003, John Polstra wrote:
> >>
> >> > To make a FreeBSD system respond to broadcast pings, you have to set
> >> > the sysctl variable net.inet.icmp.bmcastecho to 1.
> >>
> >> Shouldn't the default be to DTRT and respond unless disabled?  Until now,
> >> the only systems on my network that didn't respond to broadcast pings
> >> were my Windows boxes, but I consider them broken by default.  Why has
> >> the default behavior changed, and isn't this a POLA issue?
> >
> > It was changed for security reasons.  Responding to broadcast pings
> > creates several potential denial of service attacks.
> It's also against current best practices for ISPs.  Even Cisco changed the
> routers to NOT respond to directed-broadcast by default.
>
> The RFC was NOT written for today's internet.

Then submit a draft for a superseding RFC, don't ignore it just because
it's inconvenient.  That's a Microsoft attitude.

Jamie Bowden

-- 
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <alaric@alaric.org.uk>



