From owner-freebsd-security  Wed May 27 08:21:41 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA18261
          for freebsd-security-outgoing; Wed, 27 May 1998 08:21:41 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from implode.root.com (implode.root.com [198.145.90.17])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA18140
          for <freebsd-security@FreeBSD.ORG>; Wed, 27 May 1998 08:21:24 -0700 (PDT)
          (envelope-from root@implode.root.com)
Received: from implode.root.com (localhost [127.0.0.1])
	by implode.root.com (8.8.5/8.8.5) with ESMTP id IAA07595;
	Wed, 27 May 1998 08:21:23 -0700 (PDT)
Message-Id: <199805271521.IAA07595@implode.root.com>
To: Bart Smit <bit@signature.nl>
cc: "J.A. Terranson" <sysadmin@mfn.org>,
        "'FreeBSD Security'" <freebsd-security@FreeBSD.ORG>
Subject: Re: SMURF in 2.2.5 
In-reply-to: Your message of "Wed, 27 May 1998 10:50:05 +0200."
             <Pine.BSF.3.96.980527104739.29546A-100000@pollux.or.signature.nl> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Wed, 27 May 1998 08:21:23 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

>On Wed, 27 May 1998, J.A. Terranson wrote:
>
>> I will not report this to bugtraq untill you guys tell me there's
>> a patch...
>
>Well,  sysctl -w net.inet.icmp.bmcastecho=0  does not help, contrary to
>what you'd expect from the advisory...

   That's because the logic for it was broken in the kernel. I just fixed it
yesterday. Diff attached (line numbers in -stable will vary slightly).

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

Index: ip_icmp.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -c -r1.29 -r1.30
*** ip_icmp.c	1997/08/25 16:29:27	1.29
--- ip_icmp.c	1998/05/26 11:34:30	1.30
***************
*** 375,382 ****
  
  	case ICMP_ECHO:
  		if (!icmpbmcastecho
! 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0
! 		    && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
  			icmpstat.icps_bmcastecho++;
  			break;
  		}
--- 375,381 ----
  
  	case ICMP_ECHO:
  		if (!icmpbmcastecho
! 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
  			icmpstat.icps_bmcastecho++;
  			break;
  		}
***************
*** 385,392 ****
  
  	case ICMP_TSTAMP:
  		if (!icmpbmcastecho
! 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0
! 		    && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
  			icmpstat.icps_bmcasttstamp++;
  			break;
  		}
--- 384,390 ----
  
  	case ICMP_TSTAMP:
  		if (!icmpbmcastecho
! 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
  			icmpstat.icps_bmcasttstamp++;
  			break;
  		}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message