[17850] in North American Network Operators' Group

Re: smurf amp nets

daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Sat Jun 13 15:11:54 1998

Date: Sat, 13 Jun 1998 12:02:12 -0700
From: "Craig A. Huegen" <chuegen@quadrunner.com>
To: ken emery <ken@cnet.com>, Karl Denninger <karl@mcs.net>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, nanog@merit.edu
In-Reply-To: <Pine.SOL.3.96.980613090538.7716A-100000@cappone>; from ken emery on Sat, Jun 13, 1998 at 09:19:13AM -0700

On Sat, Jun 13, 1998 at 09:19:13AM -0700, ken emery wrote:

==>Solaris also has this ability.  You need to use the /usr/sbin/ndd utility to 
==>turn this off.  The RFCs say that responding to directed broadcast should 
==>be on (this has been hashed out here before) so the *nix vendors leave it 
==>enabled in the default config.

This is incorrect.  The RFC (1122, section 3.2.2.6) states:

---
   An ICMP Echo Request destined to an IP broadcast or IP
   multicast address MAY be silently discarded.

   DISCUSSION:
      This neutral provision results from a passionate debate
      between those who feel that ICMP Echo to a broadcast
      address provides a valuable diagnostic capability and
      those who feel that misuse of this feature can too
      easily create packet storms.
---

There is no SHOULD in there.

www.quadrunner.com/~chuegen/smurf.txt has a few OS vendors who have
either turned replies off by default or have provided an option.

/cah
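
The RFC 1122 section 3.2.2.6 provision quoted above, worked through as an added Python example (not part of the original message or of any vendor's stack): it classifies the destination of an incoming ICMP Echo Request and applies the permitted silent discard to broadcast and multicast destinations. The function names, the `reply_to_broadcast` switch and the sample addresses are assumptions made for illustration.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def classify_destination(dst, local_interfaces):
    """Classify an IPv4 destination relative to this host's interfaces.

    local_interfaces: "address/prefix" strings configured on the host.
    Returns "limited-broadcast", "multicast", "directed-broadcast" or "unicast".
    """
    addr = ipaddress.IPv4Address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    if addr.is_multicast:  # 224.0.0.0/4
        return "multicast"
    for cidr in local_interfaces:
        net = ipaddress.IPv4Interface(cidr).network
        # /31 and /32 networks have no broadcast address, although
        # ipaddress still reports the last address as broadcast_address.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return "directed-broadcast"
    return "unicast"


def handle_echo_request(dst, local_interfaces, reply_to_broadcast=False):
    """Return "reply" or "discard" for an Echo Request already accepted by IP.

    Discarding broadcast/multicast echoes is the MAY from RFC 1122 3.2.2.6;
    the default chosen here (discard) is this example's policy assumption.
    """
    kind = classify_destination(dst, local_interfaces)
    if kind == "unicast" or reply_to_broadcast:
        return "reply"
    return "discard"


# Constructed sample configuration and destinations (documentation ranges).
SAMPLE_INTERFACES = ["192.0.2.10/24", "198.51.100.1/31"]
SAMPLE_DESTINATIONS = ["192.0.2.10", "192.0.2.255", "255.255.255.255",
                       "224.0.0.1", "198.51.100.1"]

if __name__ == "__main__":
    for dst in SAMPLE_DESTINATIONS:
        kind = classify_destination(dst, SAMPLE_INTERFACES)
        action = handle_echo_request(dst, SAMPLE_INTERFACES)
        print(f"{dst:<16} {kind:<19} {action}")
```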
