From owner-freebsd-security Thu May 28 07:18:54 1998
Return-Path: 
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA20487 for freebsd-security-outgoing; Thu, 28 May 1998 07:18:54 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from chudich.co.rmit.edu.au (chudich.co.rmit.EDU.AU [131.170.32.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA20437 for ; Thu, 28 May 1998 07:18:44 -0700 (PDT) (envelope-from s9507886@tuan.cse.rmit.EDU.AU)
Received: from dropbear.cse.rmit.EDU.AU (s9507886@dropbear.cse.rmit.EDU.AU [131.170.118.20]) by chudich.co.rmit.edu.au (8.8.8/8.8.8) with ESMTP id AAA01821; Fri, 29 May 1998 00:18:43 +1000 (EST)
Received: (s9507886@localhost) by dropbear.cse.rmit.EDU.AU (8.8.5/8.6.12) id AAA08628; Fri, 29 May 1998 00:14:44 +1000 (EST)
Date: Fri, 29 May 1998 00:14:44 +1000 (EST)
Message-Id: <199805281414.AAA08628@dropbear.cse.rmit.EDU.AU>
From: Tony Alexander Frank
To: andrew@squiz.co.nz
CC: sysadmin@mfn.org, freebsd-security@FreeBSD.ORG
In-reply-to: (andrew@squiz.co.nz)
Subject: Re: Possible DoS opportunity via ping implementation error?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Hi,

> >I had a very interesting day today! I found out that FBSD (2.2.5R)
> >machines will
> >always respond to a broadcasted echo request. For example:
>
> This contradicts the CERT Advisory below which states that FreeBSD does not
> have the problem.
>
> Either the CERT report is wrong, a problem has been introduced since, or
> it's specific to the way you've set up your boxes.
>
> I'd like to know which.

Well, this occurs on my 2.2.5-RELEASE and 2.2.6-RELEASE machines here.
Nothing fancy was done to either box; the install was straight off the
Walnut Creek 2.2.5 disc set, and the 2.2.6 was done over the net. Both
have default values with regard to TCP/IP and just about everything else.

As such, I would tend to suggest that while the CERT report might be
accurate, by default this 'feature' is enabled...

> >FreeBSD, Inc.
> >=============
> >In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to icmp
> >echo requests destined to broadcast and multicast addresses by default. This
> >behaviour can be changed via the sysctl command via
> >mib net.inet.icmp.bmcastecho.

    ivanova$ sysctl net.inet.icmp.bmcastecho
    net.inet.icmp.bmcastecho: 1
    ivanova$ uname -r
    2.2.5-RELEASE
    ivanova$

Hope it helps?

Regards,
Tony Frank

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
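The quoted CERT text names the MIB and Tony's transcript shows the check by hand. The script below is an added example, not code from the thread, from FreeBSD or from CERT: it turns that check into a repeatable audit and, on request, flips the knob to the value CERT describes as the default. It assumes the MIB name net.inet.icmp.bmcastecho and the "name: value" output form exactly as shown in the post; the parser also tolerating a "name = value" form, and the use of `sysctl -w` to set the value, are this example's own assumptions rather than anything the post demonstrates.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread, FreeBSD or CERT).
# Audits a host for net.inet.icmp.bmcastecho and optionally disables it.
# Assumed: MIB name from the quoted CERT text; "name: value" output as in
# the post, with "name = value" also accepted as an assumption.

MIB=net.inet.icmp.bmcastecho

# parse_bmcastecho: read "sysctl $MIB" output on stdin, print only the
# numeric value (1 = answers broadcast/multicast echo requests, 0 = silent).
# Prints nothing when the MIB line is absent or malformed. The unescaped
# dots in $MIB match themselves as regex wildcards, which is fine here.
parse_bmcastecho() {
    sed -n "s/^${MIB}[[:space:]]*[:=][[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# broadcast_echo_enabled: exit 0 (true) when the value read on stdin is
# non-zero, i.e. the host will reply to a broadcast ping and can be used
# as an amplifier for the DoS discussed in the thread.
broadcast_echo_enabled() {
    v=$(parse_bmcastecho)
    [ -n "$v" ] && [ "$v" -ne 0 ]
}

# audit_host: query the running kernel. Exit 0 = off, 1 = on, 2 = unknown.
audit_host() {
    if ! command -v sysctl >/dev/null 2>&1; then
        echo "audit: sysctl not found, cannot check $MIB" >&2
        return 2
    fi
    out=$(sysctl "$MIB" 2>/dev/null) || {
        echo "audit: $MIB not present on this kernel" >&2
        return 2
    }
    if printf '%s\n' "$out" | broadcast_echo_enabled; then
        echo "audit: $MIB is 1, host answers broadcast echo requests"
        return 1
    fi
    echo "audit: $MIB is 0, broadcast echo requests are ignored"
    return 0
}

# harden_host: set the MIB to 0 in the running kernel (assumed syntax).
# This does not survive a reboot; re-run it from the startup scripts.
harden_host() {
    sysctl -w "$MIB=0"
}

case "${1-}" in
    audit)  audit_host ;;
    harden) harden_host && audit_host ;;
    *)      : ;;   # no argument: just define the functions
esac
```

Run it as `sh bmcastecho.sh audit` on each box; an exit status of 1 reproduces Tony's finding, and `sh bmcastecho.sh harden` (as root) sets the value CERT says is the default and re-checks it.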