From owner-freebsd-security Wed May 27 08:21:24 1998
Date: Wed, 27 May 1998 11:20:37 -0400 (EDT)
From: Snob Art Genre
Reply-To: ben@rosengart.com
To: "J.A. Terranson"
cc: "'FreeBSD Security'"
Subject: Re: Possible DoS opportunity via ping implementation error?
In-Reply-To: <01BD88F2.6DDD3A40@w3svcs.mfn.org>
Sender: owner-freebsd-security@FreeBSD.ORG

On Tue, 26 May 1998, J.A. Terranson wrote:

> I had a very interesting day today!  I found out that FBSD (2.2.5R)
> machines will always respond to a broadcasted echo request.  For
> example:
>
> W2>ping 10.1.1.255
> PING 10.1.1.255 (10.1.1.255): 56 data bytes
> 64 bytes from 10.1.1.20: icmp_seq=1 ttl=255 time=4.746 ms
> 64 bytes from 10.1.1.23: icmp_seq=1 ttl=255 time=45.864 ms (DUP!)
> lots of these dups...

I've always found this useful, for when I want to build a complete ARP
cache for the local network.  I use it with NeXTStep all the time.

Perhaps the behavior should be modified to respond to broadcast pings
iff they're from a directly connected network, otherwise ignore?

 Ben

"You have your mind on computers, it seems."
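
The policy suggested in the message above (answer a broadcast echo request only when the source is on a directly connected network) can be sketched as follows; this is an added example, not code from the thread or from the FreeBSD source. The `rx_iface` structure, the function names and the /24 netmask on the 10.1.1.x network are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of the receiving interface; addresses in host byte order. */
struct rx_iface {
    uint32_t addr; /* interface IPv4 address */
    uint32_t mask; /* interface netmask */
};

/* Pack a dotted quad into a host-order 32-bit address. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Limited broadcast, or the directed broadcast of the receiving subnet. */
static bool is_broadcast_dst(uint32_t dst, const struct rx_iface *ifp)
{
    return dst == 0xffffffffu || dst == ((ifp->addr & ifp->mask) | ~ifp->mask);
}

/* Source must be a host address inside the receiving interface's subnet. */
static bool src_is_on_link(uint32_t src, const struct rx_iface *ifp)
{
    uint32_t net = ifp->addr & ifp->mask;
    if ((src & ifp->mask) != net)
        return false;
    /* The network and broadcast addresses are never valid sources. */
    return src != net && src != (net | ~ifp->mask);
}

/* Unicast echo requests are answered; broadcast ones only for on-link sources. */
static bool should_reply_echo(uint32_t src, uint32_t dst, const struct rx_iface *ifp)
{
    return !is_broadcast_dst(dst, ifp) || src_is_on_link(src, ifp);
}

int main(void)
{
    /* Constructed sample: 10.1.1.23 with an assumed /24 netmask. */
    struct rx_iface ifp = { ip4(10, 1, 1, 23), ip4(255, 255, 255, 0) };
    uint32_t bcast = ip4(10, 1, 1, 255);
    printf("on-link src:  %d\n", should_reply_echo(ip4(10, 1, 1, 20), bcast, &ifp));
    printf("off-link src: %d\n", should_reply_echo(ip4(192, 0, 2, 7), bcast, &ifp));
    return 0;
}
```

A source address can be forged, so this check keeps broadcast-triggered replies from being sent toward off-link addresses but does not authenticate the sender.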