From owner-freebsd-net  Thu Jun 27 12: 1:12 2002
Delivered-To: freebsd-net@freebsd.org
Received: from overlord.e-gerbil.net (e-gerbil.net [64.186.142.66])
	by hub.freebsd.org (Postfix) with ESMTP id 236D937B416
	for <freebsd-net@freebsd.org>; Thu, 27 Jun 2002 12:00:39 -0700 (PDT)
Received: by overlord.e-gerbil.net (Postfix, from userid 1000)
	id D5F4615E4B; Thu, 27 Jun 2002 15:00:32 -0400 (EDT)
Date: Thu, 27 Jun 2002 15:00:32 -0400
From: Richard A Steenbergen <ras@e-gerbil.net>
To: Peter Brezny <pbrezny@purplecat.net>
Cc: freebsd-net@freebsd.org
Subject: Re: limiting directed broadcasts with ipfw.
Message-ID: <20020627190032.GC99199@overlord.e-gerbil.net>
References: <NEBBIGLHNDFEJMMIEGOOIEGFFCAA.pbrezny@purplecat.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <NEBBIGLHNDFEJMMIEGOOIEGFFCAA.pbrezny@purplecat.net>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Thu, Jun 27, 2002 at 01:18:04PM -0400, Peter Brezny wrote:
> I did a quick search through the man page, but didn't come up with anything
> right off that looked like it could help mitigate smurf attacks similar to
> the cisco:
> no ip directed-broadcast
> 
> feature.
> 
> Is there a way?

sysctl net.inet.icmp.bmcastecho=0 has been the default since... well since 
smurf came out. :)

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message