[4984] in bugtraq
Re: ICMP ECHO_REQUESTS to BROADCAST addresses (fwd)
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Jul 22 19:07:01 1997
Date: Tue, 22 Jul 1997 23:13:13 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: amonk@LABYRINTH.CFTNET.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.91.970722093315.15654B-100000@labyrinth.cftnet.com>
from "Kyle Amon" at Jul 22, 97 09:59:36 am
> Anyone doing serious multicasting might want to take some preventive measures
> with ICMP ECHO_REQUEST packets to the multicast address as well. I don't
> have anything to test it on now, but as I recall, the same behavior, on an
> obviously much smaller scale, is present here as well and could likely slip
> through router rules if not looked at.

One big problem here is customers. The original Linux code didn't reply
to broadcast pings and everyone screamed their network monitor/mapping tool
didn't work with it, even though RFC1122 says it's merely a MAY.

For Linux/*BSD it's easy to firewall the relevant addresses in the OS. Also
firewall 255.255.255.255, otherwise people do things like source routed
all host broadcasts.
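
The filtering decision discussed in this thread, as an added example that is not part of the original post: it classifies ICMP echo request destinations as directed broadcast, limited broadcast (255.255.255.255) or multicast, using the locally attached subnets. The subnets, packet tuples and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: subnets attached to the filtering host (assumed values).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.64/26")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
ICMP_ECHO_REQUEST = 8  # ICMP type number for echo request


def classify_dst(dst, local_nets=LOCAL_NETS):
    """Classify an IPv4 destination by the kind of fan-out it causes."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    if addr.is_multicast:  # 224.0.0.0/4
        return "multicast"
    for net in local_nets:
        if net.prefixlen >= 31:  # /31 and /32 have no broadcast address
            continue
        if addr == net.broadcast_address:
            return "directed-broadcast"
        if addr == net.network_address:  # old all-zeros-host broadcast form
            return "network-address"
    return "unicast"


def echo_verdicts(packets, local_nets=LOCAL_NETS):
    """Return (src, dst, verdict) for each (src, dst, icmp_type) tuple."""
    out = []
    for src, dst, icmp_type in packets:
        kind = classify_dst(dst, local_nets)
        drop = icmp_type == ICMP_ECHO_REQUEST and kind != "unicast"
        out.append((src, dst, f"drop:{kind}" if drop else "accept"))
    return out


# Constructed packets: (source, destination, ICMP type).
SAMPLE = [
    ("203.0.113.5", "192.0.2.255", 8),      # broadcast of the /24
    ("203.0.113.5", "198.51.100.127", 8),   # broadcast of the /26
    ("203.0.113.5", "198.51.100.255", 8),   # ends in .255 but not a local broadcast
    ("203.0.113.5", "255.255.255.255", 8),  # limited broadcast
    ("203.0.113.5", "224.0.0.1", 8),        # all-hosts multicast group
    ("203.0.113.5", "192.0.2.10", 8),       # ordinary unicast ping
    ("192.0.2.10", "192.0.2.255", 0),       # echo reply, not a request
]

if __name__ == "__main__":
    for row in echo_verdicts(SAMPLE):
        print(*row)
```

The /26 case shows why the broadcast address has to be derived from the actual netmask rather than matched as "ends in .255".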