Date: Fri, 18 May 2001 12:17:43 +0000
From: "David S. Geirsson" <andmann@andmann.eu.org>
To: Doug Young <dougy@gargoyle.apana.org.au>
Cc: freebsd-questions@freebsd.org
Subject: Re: anti-smurf setup
Message-ID: <20010518121743.E1096@bong.andmann.eu.org>
In-Reply-To: <Pine.WNT.4.21.0105182211380.1272-100000@oracle>; from dougy@gargoyle.apana.org.au on Fri, May 18, 2001 at 10:15:38PM +1000
References: <Pine.WNT.4.21.0105182211380.1272-100000@oracle>

Actually, this will not stop you from being the victim of smurf attacks, only
stop your machine from being a smurf amplifier. (the actual target is the
spoofed source of the ping sent to the broadcast). Also, most sane routers
block broadcast pings anyway.

On Fri, May 18, 2001 at 10:15:38PM +1000, Doug Young wrote:
> I was just browsing through the Complete FreeBSD & stumbled across the
> following stuff. If blocking smurf attacks is as simple as this, why
> isn't the line included in the default "etc/rc.conf" ??
>
>
> ### Miscellaneous network options: ###
> icmp_bmcastecho="NO" # respond to broadcast ping packets
>
> This parameter relates to the so-called smurf ``denial of service''
> attack: according to the RFCs, a machine should respond to a ping to
> its broadcast address. But what happens if somebody pings a remote
> network's broadcast address across the Internet, as fast as he can?
> Each system on the remote network will reply, completely overloading
> the Internet interface. Yes, this is silly, but there are silly people
> out there. If you leave this parameter as it is, your system will
> not be vulnerable. See http://www.cert.org/advisories/CA-98.01.smurf.html
> for more details.
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Davíð Steinn Geirsson
andmann@andmann.eu.org
(354)-8696608

"Support staff hung over, Send aspirin and come back LATER."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
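
The amplifier setting discussed in this thread can be audited with a short script. This is an added example, not part of the original messages or of FreeBSD's own scripts; the function names and the sample files are hypothetical, and it assumes the rc.conf-style files are passed in the order they are loaded.

```shell
#!/bin/sh
# Added example: report the effective icmp_bmcastecho value from rc.conf-style
# files. Files are read in order and the last assignment wins, as when
# /etc/defaults/rc.conf is loaded first and /etc/rc.conf overrides it.

bmcastecho_value() {
    value=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Last uncommented assignment in this file; strip an opening quote,
        # the closing quote and any trailing comment.
        v=$(sed -n 's/^[[:space:]]*icmp_bmcastecho=["'\'']\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "${value:-unset}"
}

# Returns 0 (true) when the files configure the host to answer broadcast
# pings, i.e. to be usable as a smurf amplifier. Assumption: "unset" is
# reported as not enabled, because no file turns the option on.
answers_broadcast_ping() {
    case $(bmcastecho_value "$@" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|ON|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'icmp_bmcastecho="NO"\t# respond to broadcast ping packets\n' > "$demo_dir/defaults"
printf 'hostname="example"\nicmp_bmcastecho="YES"\n' > "$demo_dir/override"

if answers_broadcast_ping "$demo_dir/defaults" "$demo_dir/override"; then
    echo "amplifier risk: override file sets icmp_bmcastecho=YES"
fi
if ! answers_broadcast_ping "$demo_dir/defaults"; then
    echo "defaults only: host will not answer broadcast pings"
fi
rm -rf "$demo_dir"
```

On a running system, `sysctl net.inet.icmp.bmcastecho` shows the value the kernel is actually using. As the reply above points out, a clean result only means the host is not an amplifier; it says nothing about being the target.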