From owner-freebsd-security  Tue May 26 20:18:46 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA01191
          for freebsd-security-outgoing; Tue, 26 May 1998 20:18:46 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dc1.mfn.org (dc1.mfn.org [204.238.179.1])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA01170
          for <freebsd-security@freebsd.org>; Tue, 26 May 1998 20:18:32 -0700 (PDT)
          (envelope-from sysadmin@mfn.org)
Received: from w3svcs.mfn.org (unverified [204.238.179.11]) by mail.mfn.org
 (EMWAC SMTPRS 0.83) with SMTP id <B0000016311@mail.mfn.org>;
 Tue, 26 May 1998 22:08:19 -0500
Received: by w3svcs.mfn.org with Microsoft Mail
	id <01BD88F2.6DDD3A40@w3svcs.mfn.org>; Tue, 26 May 1998 22:05:44 -0500
Message-ID: <01BD88F2.6DDD3A40@w3svcs.mfn.org>
From: "J.A. Terranson" <sysadmin@mfn.org>
To: "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG>
Subject: Possible DoS opportunity via ping implementation error?
Date: Tue, 26 May 1998 22:05:42 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

I had a very interesting day today!  I found out that FBSD (2.2.5R) machines will
always respond to a broadcasted echo request.  For example:

W2>ping 10.1.1.255
PING 10.1.1.255 (10.1.1.255): 56 data bytes
64 bytes from 10.1.1.20: icmp_seq=1 ttl=255 time=4.746 ms
64 bytes from 10.1.1.23: icmp_seq=1 ttl=255 time=45.864 ms (DUP!)
      lots of these dups...

In fact, 1 dup for every FBSD machine on the subnet (interestingly, there
were no replies from my NT4.0 boxes...)

Since I do not follow the "security" list, please respond directly.  Thanks.

J.A. Terranson
sysadmin@mfn.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message