[4879] in bugtraq
Re: Solaris Ping bug (DoS)
daemon@ATHENA.MIT.EDU (Brad Powell)
Wed Jul 9 11:24:54 1997
Date: Wed, 9 Jul 1997 07:27:51 -0700
Reply-To: Brad Powell <brad.powell@WEST.SUN.COM>
From: Brad Powell <brad.powell@WEST.SUN.COM>
X-To: bmfrankl@mtu.edu
To: BUGTRAQ@NETSPACE.ORG
Here is a simple workaround for the ping crash bug. It was posted before
but I've prettied up the fix a little putting it into a titan wrapper.
Brad
===============================cut here==================================
#!/bin/sh
# bpowell 06/21/97 generic titan wrapper for:
# add the ndd line to disable response to echo modifies S69inet
#
# Note: none
# version 0.1
#
# setup
PATH=/usr/ucb:/bin:/usr/bin:/sbin
MYNAME=`basename $0`
# Check for execution by root
if [ `/usr/xpg4/bin/id -un` != root ]
then
echo " "
echo >&2 "$MYNAME: error: must be run as root."
echo " "
exit 1
fi
# Introduction
# cat << EOF
#
# This disables ip_respond_to_echo_broadcast so that specific ping crashes
# don't work
# The program modifies /etc/rc2.d/S69inet
#
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# EOF
# echo press enter to continue"\c"
# read YN
if test -f /etc/rc2.d/S??inet
then
echo " Now adding the new ndd command"
ed - /etc/rc2.d/S??inet <<- !
g/tcp_old_urp_interpretation
a
ndd -set /dev/ip ip_respond_to_echo_broadcast 0
.
w
Q
!
echo " Modifcations to rc2.d complete"
fi
echo " Done."
