Date: Fri, 18 May 2001 12:17:43 +0000
From: "David S. Geirsson"
To: Doug Young
Cc: freebsd-questions@freebsd.org
Subject: Re: anti-smurf setup
Message-ID: <20010518121743.E1096@bong.andmann.eu.org>

Actually, this will not stop you from being the victim of smurf attacks,
only stop your machine from being a smurf amplifier (the actual target is
the spoofed source of the ping sent to the broadcast). Also, most sane
routers block broadcast pings anyway.

On Fri, May 18, 2001 at 10:15:38PM +1000, Doug Young wrote:
> I was just browsing through the Complete FreeBSD & stumbled across the
> following stuff. If blocking smurf attacks is as simple as this, why
> isn't the line included in the default "etc/rc.conf" ??
>
> ### Miscellaneous network options: ###
> icmp_bmcastecho="NO"    # respond to broadcast ping packets
>
> This parameter relates to the so-called smurf ``denial of service''
> attack: according to the RFCs, a machine should respond to a ping to
> its broadcast address. But what happens if somebody pings a remote
> network's broadcast address across the Internet, as fast as he can?
> Each system on the remote network will reply, completely overloading
> the Internet interface. Yes, this is silly, but there are silly people
> out there. If you leave this parameter as it is, your system will
> not be vulnerable. See http://www.cert.org/advisories/CA-98.01.smurf.html
> for more details.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Davíð Steinn Geirsson
andmann@andmann.eu.org
(354)-8696608
"Support staff hung over, Send aspirin and come back LATER."
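
An added example, not part of the original thread: a small sh audit of the amplifier-side setting discussed above. It reads rc.conf-style files in the order they are sourced (last assignment wins) and reports whether icmp_bmcastecho ends up enabled. The function names are hypothetical; treating an unset value as disabled is an assumption based on the quoted default of "NO", and the sysctl name net.inet.icmp.bmcastecho is the kernel knob this rc.conf variable sets.

```shell
#!/bin/sh
# Added example: audit rc.conf-style files for icmp_bmcastecho.
# Pass files in sourcing order, e.g. /etc/defaults/rc.conf /etc/rc.conf.

# Print the effective value (upper-cased), or UNSET if never assigned.
bmcastecho_value() {
    val=UNSET
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Last uncommented assignment in this file overrides earlier ones.
        line=$(grep -E '^[[:space:]]*icmp_bmcastecho=' "$f" | tail -n 1)
        [ -n "$line" ] || continue
        v=${line#*=}        # drop 'icmp_bmcastecho='
        v=${v%%\#*}         # drop a trailing comment
        # Strip quotes and whitespace, normalise case.
        v=$(printf '%s' "$v" | tr -d "\"' \t" | tr '[:lower:]' '[:upper:]')
        val=$v
    done
    printf '%s\n' "$val"
}

# Return 0 if the host will not answer broadcast pings, 1 if it will,
# 2 if the value is not a yes/no word accepted by rc.subr's checkyesno.
bmcastecho_ok() {
    case $(bmcastecho_value "$@") in
        NO|FALSE|OFF|0|UNSET) return 0 ;;   # UNSET as off: assumption
        YES|TRUE|ON|1)        return 1 ;;
        *)                    return 2 ;;
    esac
}

# rc.conf only applies at boot; this prints the running kernel value
# (0 or 1) on FreeBSD and nothing on systems without the sysctl.
bmcastecho_live() {
    sysctl -n net.inet.icmp.bmcastecho 2>/dev/null || true
}
```

As the reply points out, a clean result only means this host will not act as a smurf amplifier; it says nothing about being the target of one.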