[418] in Best-of-Security
BoS: Re: `smurf' multi-broadcast icmp attack
daemon@ATHENA.MIT.EDU (Brian Kaye)
Thu Oct 23 08:25:02 1997
Old-X-Envelope-From: bdk@saturn.csd.unb.ca Wed Oct 22 21:56:50 1997
Date: Wed, 22 Oct 1997 08:53:21 -0300 (ADT)
From: Brian Kaye <bdk@saturn.csd.unb.ca>
Reply-To: bdk@unb.ca
cc: best-of-security@cyber.com.au
In-Reply-To: <199710161558.IAA14610@olympics.West.Sun.COM>
Old-X-Originally-To: To: Brad Powell <brad.powell@WEST.SUN.COM>
Old-X-Originated-From: From: Brian Kaye <bdk@saturn.csd.unb.ca>
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au
In AIX the "no" command is used to turn this feature on and off. By default
AIX will not respond to pings to the broadcast address. From the man page:

bcastping Allows response to ICMP echo packets to the broadcast address. A
value of 0 turns it off, while a value of 1 turns it on. Default is 0.
bcastping is a runtime attribute.

Brian Kaye
UNB
On Thu, 16 Oct 1997, Brad Powell wrote:
>
> ----------
> X-Sun-Data-Type: text
> X-Sun-Data-Description: text
> X-Sun-Data-Name: text
> X-Sun-Charset: us-ascii
> X-Sun-Content-Lines: 15
>
>
> Therapy,
> Thanks for the fix for Linux! In the spirit of sharing, below is a shell
> script that is part of Titan, a tool suite that fixes many of these common
> problems in/for Solaris (only/mostly).
>
>
> =======================================================================
> Brad Powell : brad.powell@Sun.COM
> Sr. Network Security Consultant
> Sun Microsystems Inc.
> =======================================================================
> The views expressed are those of the author and may
> not reflect the views of Sun Microsystems Inc.
> =======================================================================
> ----------
> X-Sun-Data-Type: shell-script
> X-Sun-Data-Description: shell-script
> X-Sun-Data-Name: disable-ping.echo.sh
> X-Sun-Charset: us-ascii
> X-Sun-Content-Lines: 63
>
> #!/bin/sh
>
> # bpowell 06/21/97 script to add the ndd line to disable response to echo
> # modifies S69inet
> #
> # Note
> ###
> # This tool suite was written by and is copyright Brad Powell 1991,
> # 1992, 1993, 1994, 1995, and 1996, with help and input from Casper Dik,
> # Alec Muffett, Dan Farmer, and Matt Archibald.
> #
> # The copyright holder disclaims all responsibility or liability with
> # respect to its usage or its effect upon hardware or computer
> # systems, and maintains copyright as set out in the "LICENCE"
> # document which accompanies distribution.
> #
> # Titan version 0.1
> #
> # setup
> PATH=/usr/ucb:/bin:/usr/bin:/sbin
> MYNAME=`basename $0`
>
> # Check for execution by root
>
> # Quote the substitution so an empty result cannot break the test
> if [ "`/usr/xpg4/bin/id -un`" != root ]
> then
>     echo " "
>     echo >&2 "$MYNAME: error: must be run as root."
>     echo " "
>     exit 1
> fi
>
>
> # Introduction
>
> # cat << EOF
> #
> # This disables ip_respond_to_echo_broadcast so that specific ping crashes
> # don't work
> # The program modifies /etc/rc2.d/S69inet
> #
> # ndd -set /dev/ip ip_respond_to_echo_broadcast 0
> # EOF
>
> # echo press enter to continue"\c"
> # read YN
>
> if test -f /etc/rc2.d/S??inet
> then
>     echo " Now adding the new ndd command"
>
>     # ed script: find the tcp_old_urp_interpretation line, append the ndd
>     # command after it, write the file and quit
>     ed - /etc/rc2.d/S??inet <<- !
> g/tcp_old_urp_interpretation
> a
> ndd -set /dev/ip ip_respond_to_echo_broadcast 0
> .
> w
> Q
> !
>
>     echo " Modifications to rc2.d complete"
> fi
> echo " Done."
>
>
>
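
An idempotent variant of the rc-script edit in the quoted script, as an added example that is not part of Titan or of either post: it inserts the ndd line only when it is absent, reports a missing anchor instead of silently doing nothing, and keeps a rollback copy. The function name `ensure_ndd_line`, its return codes and the `.orig` backup suffix are hypothetical; it assumes a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).

```shell
#!/bin/sh
# Added example, not Titan code. NDD_LINE and ANCHOR come from the quoted
# script; ensure_ndd_line and its return codes are hypothetical.
NDD_LINE='ndd -set /dev/ip ip_respond_to_echo_broadcast 0'
ANCHOR='tcp_old_urp_interpretation'

# ensure_ndd_line FILE
#   0 = line inserted, or already present (file untouched)
#   1 = write failed, 2 = FILE missing, 3 = anchor not found (file untouched)
ensure_ndd_line() {
    file=$1
    [ -f "$file" ] || return 2

    # Already present on a non-comment line: repeated runs add nothing.
    if awk -v want="$NDD_LINE" '
           /^[ \t]*#/      { next }
           index($0, want) { found = 1 }
           END             { exit !found }' "$file"
    then
        return 0
    fi

    # Without the anchor there is no safe insertion point; say so.
    grep -F -e "$ANCHOR" "$file" >/dev/null || return 3

    # Insert once, after the first anchor line, into a scratch copy.
    tmp="$file.new.$$"
    awk -v add="$NDD_LINE" -v pat="$ANCHOR" '
        { print }
        !done && index($0, pat) { print add; done = 1 }' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 1; }

    cp -p "$file" "$file.orig" &&   # rollback copy
    cat "$tmp" > "$file"            # overwrite in place: owner and mode kept
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    return 0
}

# Stand-alone use: sh ensure-ndd.sh /etc/rc2.d/S69inet
if [ $# -eq 1 ]; then
    ensure_ndd_line "$1"
    exit $?
fi
```
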