[5399] in bugtraq


Re: `smurf' multi-broadcast icmp attack

daemon@ATHENA.MIT.EDU (Therapy?)
Thu Oct 16 12:50:09 1997

Date: 	Thu, 16 Oct 1997 14:22:35 +0100
Reply-To: Therapy? <therapy@GUARDIAN.HTU.TUWIEN.AC.AT>
From: Therapy? <therapy@GUARDIAN.HTU.TUWIEN.AC.AT>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.91.971012142256.3522B-100000@tap.net>

My host has been abused for flooding with the "smurf-exploit", posted to
bugtraq, so I patched my kernel not to reply to ICMP_ECHO addressed to
an IP address which doesn't belong to the host (broadcast pkt).

I recommend installing icmplog, included in the iplogger package, available
at
ftp://ftp.tu-graz.ac.at/pub/linux/redhat-contrib/SRPMS/iplogger-0.1-1.src.rpm
to find out if you're being abused by smurf to flood.
It produces a lot of syslog entries for every ICMP_ECHO request received,
like...
Oct 16 13:59:53 leto icmplog: ping from clifton.netgates.co.uk
Oct 16 13:59:56 leto icmplog: ping from darkfires.abac.com
Oct 16 13:59:57 leto icmplog: ping from clifton.netgates.co.uk
Oct 16 13:59:59 leto icmplog: ping from darkfires.abac.com
...

simple patch for linux-2.0.30 attached

-therapy


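Added example, not part of the original post and not iplogger code: a Python script that reads icmplog syslog lines in the format quoted above and reports any source that sent a burst of echo requests, which on a host being used as a smurf amplifier is the spoofed victim address. The window, threshold, year and sample hostnames are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line format as quoted in the post: "<Mon> <d> <HH:MM:SS> <host> icmplog: ping from <source>"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) icmplog: ping from (\S+)$"
)

def parse_line(line, year=1997):
    """Return (timestamp, source), or None for lines that are not icmplog pings."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog omits the year, so the caller supplies it (assumption).
    stamp = " ".join(m.group(1).split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m.group(3)

def flag_sources(lines, window_s=10, threshold=5):
    """Return {source: peak count} for sources with at least `threshold` echo
    requests inside any `window_s`-second span (lines in syslog time order)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src = parsed
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample log; the source hostnames are placeholders, not from the post.
SAMPLE = [f"Oct 16 13:59:{s:02d} leto icmplog: ping from victim.example" for s in range(50, 58)]
SAMPLE += [
    "Oct 16 13:59:53 leto icmplog: ping from monitor.example",
    "Oct 16 14:03:10 leto icmplog: ping from monitor.example",
    "Oct 16 14:03:11 leto sshd: unrelated line",
]

if __name__ == "__main__":
    for src, peak in flag_sources(SAMPLE).items():
        print(f"{src}: {peak} echo requests within 10 s")
```
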
