From owner-freebsd-security  Wed May 27 21:12:26 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA22560
          for freebsd-security-outgoing; Wed, 27 May 1998 21:12:26 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from passer.osg.gov.bc.ca (0@passer.osg.gov.bc.ca [142.32.110.29])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA22493
          for <freebsd-security@FreeBSD.ORG>; Wed, 27 May 1998 21:12:13 -0700 (PDT)
          (envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id VAA03184; Wed, 27 May 1998 21:12:10 -0700 (PDT)
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
 via SMTP by passer.osg.gov.bc.ca, id smtpdaakspa; Wed May 27 21:11:59 1998
Received: (from uucp@localhost) by cwsys.cwsent.com (8.9.0/8.6.10) id VAA07122; Wed, 27 May 1998 21:11:49 -0700 (PDT)
Message-Id: <199805280411.VAA07122@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdWQ7110; Wed May 27 21:11:40 1998
X-Mailer: exmh version 2.0.2 2/24/98
Reply-to: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
X-Sender: cy
To: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
cc: Bart Smit <bit@signature.nl>, "J.A. Terranson" <sysadmin@mfn.org>,
        "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG>
Subject: Re: SMURF in 2.2.5 
In-reply-to: Your message of "Wed, 27 May 1998 09:22:50 PDT."
             <199805271623.JAA05578@passer.osg.gov.bc.ca> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 27 May 1998 21:11:39 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> > 
> > On Wed, 27 May 1998, J.A. Terranson wrote:
> > 
> > > I will not report this to bugtraq untill you guys tell me there's
> > > a patch...
> > 
> > Well,  sysctl -w net.inet.icmp.bmcastecho=0  does not help, contrary to
> > what you'd expect from the advisory...
> 
> What about ipfw?  For example, where 123.123.123.0 is your network 
> address,
> 
> ipfw add deny icmp from 123.123.123.0 to any
> ipfw add deny icmp from 123.123.123.255 to any

It looks like I've been a little dyslexic in my previos post.  This 
should have been,

ipfw add deny icmp from any to 123.123.123.255

To circumvent the fraggle (UDP) attack,

ipfw add deny udp from any to 123.123.123.255

This has the added benefit of denying not only broadcast icmp (and udp) 
packets that are destined in but also broadcast icmp (and udp) packets 
destined out as well.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Government of BC            




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message