From owner-freebsd-security  Wed May 27 11:57:04 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA02482
          for freebsd-security-outgoing; Wed, 27 May 1998 11:57:04 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA02351
          for <freebsd-security@FreeBSD.ORG>; Wed, 27 May 1998 11:56:31 -0700 (PDT)
          (envelope-from mike@seidata.com)
Received: from localhost (mike@localhost)
	by ns1.seidata.com (8.8.8/8.8.5) with SMTP id OAA11729;
	Wed, 27 May 1998 14:55:55 -0400 (EDT)
Date: Wed, 27 May 1998 14:55:55 -0400 (EDT)
From: Mike <mike@seidata.com>
To: "J.A. Terranson" <sysadmin@mfn.org>
cc: "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG>
Subject: Re: Possible DoS opportunity via ping implementation error?
In-Reply-To: <01BD88F2.6DDD3A40@w3svcs.mfn.org>
Message-ID: <Pine.BSF.3.96.980527143647.6852B-100000@ns1.seidata.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Tue, 26 May 1998, J.A. Terranson wrote:

> I found out that FBSD (2.2.5R) machines will always respond to a
> broadcasted echo request.  For example:

Hmm...  Before the advisory and numerous posts here, I thought this was
common knowledge.  Guess not...

My ingorance is probably due to the fact that I have *very* general
knowledge on how a SMURF attack actually works (i.e. DoS through massive
broadcast replies), but I'm not sure of any details.

> W2>ping 10.1.1.255
> PING 10.1.1.255 (10.1.1.255): 56 data bytes
> 64 bytes from 10.1.1.20: icmp_seq=1 ttl=255 time=4.746 ms
> 64 bytes from 10.1.1.23: icmp_seq=1 ttl=255 time=45.864 ms (DUP!)
>       lots of these dups...

This same type of behavior is exhibited on 2.2.5-R, 2.2.6-R and
3.0-CURRENT boxes here when pinging any boradcast.

Although I never knew it was a 'problem' perse, at least now I know how to
fix it (manually for release boxes or with a new cvsup for current)...
thanks mostly to the efforts of FreeBSD users (warm, fuzzy feeling
ensues).  Thanks guys.  :)

---
 Mike Hoskins				Email: mike@seidata.com
 SEI Data Network Services, Inc.	  WWW: http://www.seidata.com
 P.O. Box 7, 14005 U.S. 50 (BLD2)	Voice: 800.925.6746 ex. 251
 Dillsboro, IN 47018			  Fax: 812.744.8000


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message