Date: Fri, 18 May 2001 22:15:38 +1000 (E. Australia Standard Time)
From: Doug Young
To: freebsd-questions@freebsd.org
Subject: anti-smurf setup

I was just browsing through the Complete FreeBSD & stumbled across the following stuff. If blocking smurf attacks is as simple as this, why isn't the line included in the default "etc/rc.conf" ??

### Miscellaneous network options: ###
icmp_bmcastecho="NO"    # respond to broadcast ping packets

This parameter relates to the so-called smurf ``denial of service'' attack: according to the RFCs, a machine should respond to a ping to its broadcast address. But what happens if somebody pings a remote network's broadcast address across the Internet, as fast as he can? Each system on the remote network will reply, completely overloading the Internet interface. Yes, this is silly, but there are silly people out there. If you leave this parameter as it is, your system will not be vulnerable. See http://www.cert.org/advisories/CA-98.01.smurf.html for more details.
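An added example, not part of the original message or of the book it quotes: a POSIX shell check that resolves the effective icmp_bmcastecho value across rc.conf-style files, where a later file overrides an earlier one, and flags a host configured to answer broadcast pings. The function names and the sample files are constructed for illustration; the yes/no spellings accepted are assumed to match the usual rc.conf booleans.

```shell
#!/bin/sh
# Hypothetical helper: print the value of the last uncommented
# icmp_bmcastecho assignment across the files given, in override order
# (e.g. /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.local), or "unset".
effective_bmcastecho() {
    bm_value="unset"
    for bm_file in "$@"; do
        [ -r "$bm_file" ] || continue
        # Commented-out lines do not match; quotes are stripped afterwards.
        bm_found=$(sed -n 's/^[[:space:]]*icmp_bmcastecho=\([^[:space:]#]*\).*/\1/p' \
            "$bm_file" | tail -n 1 | tr -d "\"'")
        if [ -n "$bm_found" ]; then
            bm_value="$bm_found"
        fi
    done
    printf '%s\n' "$bm_value"
}

# Hypothetical helper: 0 = broadcast echo replies disabled,
# 1 = enabled (host can be used as a smurf amplifier), 2 = undetermined.
audit_bmcastecho() {
    bm_effective=$(effective_bmcastecho "$@")
    case "$bm_effective" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            echo "WARN: icmp_bmcastecho=$bm_effective, host answers broadcast pings"
            return 1 ;;
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
            echo "OK: icmp_bmcastecho=$bm_effective, broadcast pings are ignored"
            return 0 ;;
        *)
            echo "UNKNOWN: icmp_bmcastecho=$bm_effective, check the kernel default"
            return 2 ;;
    esac
}

# Constructed sample: a defaults file with the safe value and a local
# override that re-enables broadcast echo replies.
demo_dir=$(mktemp -d)
printf 'icmp_bmcastecho="NO"\t# respond to broadcast ping packets\n' \
    > "$demo_dir/defaults.conf"
printf '#icmp_bmcastecho="NO"\nicmp_bmcastecho="YES"\n' > "$demo_dir/rc.conf"
audit_bmcastecho "$demo_dir/defaults.conf" || true
audit_bmcastecho "$demo_dir/defaults.conf" "$demo_dir/rc.conf" || true
rm -rf "$demo_dir"
```

On a running FreeBSD host the live setting can be compared against the file result with `sysctl net.inet.icmp.bmcastecho`.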