
Re: icmp: echo reply? Am I being attacked?



Is there any detrimental effect to disabling broadcast ICMP on the Linux
side? Essentially doing an echo 1 >
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts?


On Thu, Jul 27, 2000 at 09:46:14AM -0400, Michael Stone wrote:
> On Thu, Jul 27, 2000 at 01:15:13PM +0100, Nuno Faria wrote:
> > Ranko Veselinovic <rvjunior@gmx.net> sent me privately the following
> > e-mail which I think might be relevant for the issue in question:
> > _______________________
> > I'm not sure but I think when you send an ICMP ECHO-Request to a
> > broadcast
> > address that the whole network will answer with echo-replies.
> > I think this is a kind of smurf-attack and the address where the replies
> > were sent is the target of the attacker. You were just abused for this
> > attack.
> 
> Yes, you've been used as a smurf amplifier. The best course of action is
> to not route broadcast addresses. (I.e., packets going to .0 are blocked
> at the router.) Another approach is to 
> 	echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> on the Linux machines. (Try putting it in a startup script.) That will
> keep them from replying to broadcast echoes.
> 
> -- 
> Mike Stone
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
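
One way to check what the thread recommends, as an added example that is not part of any poster's message: a POSIX shell audit that reads the runtime flag under /proc and checks whether a sysctl config file keeps it set after a reboot. The function names, the ROOT argument, the status words and the simplified file order (etc/sysctl.d/*.conf, then etc/sysctl.conf, last assignment wins) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit icmp_echo_ignore_broadcasts,
# both the live value in /proc and the value a sysctl config file restores.
KEY_PATH=proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
KEY_NAME=net.ipv4.icmp_echo_ignore_broadcasts

# persisted_value ROOT: print the last value assigned to the key, or nothing.
# Assumption: only etc/sysctl.d/*.conf and then etc/sysctl.conf are consulted.
persisted_value() {
    for f in "$1"/etc/sysctl.d/*.conf "$1"/etc/sysctl.conf; do
        [ -f "$f" ] && cat "$f"
    done |
        # drop comment lines, strip blanks, accept net/ipv4/... key spelling
        sed -e 's/^[[:space:]]*[#;].*//' -e 's/[[:space:]]//g' -e 's|/|.|g' |
        awk -F= -v k="$KEY_NAME" '$1 == k { v = $2 } END { if (v != "") print v }'
}

# audit_icmp_bcast [ROOT]: print a status word; the return code mirrors it.
# ROOT defaults to the live system; pass a directory to audit a copied tree.
audit_icmp_bcast() {
    root=${1:-}
    runtime=$(cat "$root/$KEY_PATH" 2>/dev/null) || { echo UNKNOWN; return 3; }
    saved=$(persisted_value "$root")
    if [ "$runtime" != 1 ]; then
        echo REPLIES_TO_BROADCAST; return 1   # host would answer broadcast echo
    elif [ "$saved" != 1 ]; then
        echo NOT_PERSISTED; return 2          # fine now, reverts at next boot
    fi
    echo OK
}

# make_sample ROOT RUNTIME CONF_LINE: build a constructed tree for the demo.
make_sample() {
    mkdir -p "$1/proc/sys/net/ipv4" "$1/etc/sysctl.d"
    echo "$2" > "$1/$KEY_PATH"
    printf '%s\n' "$3" > "$1/etc/sysctl.conf"
}

# Constructed sample (not a real host): flag set by hand, config line commented out.
demo=$(mktemp -d)
make_sample "$demo" 1 "# $KEY_NAME = 1"
audit_icmp_bcast "$demo" || true
rm -rf "$demo"
```

Calling audit_icmp_bcast with no argument audits the machine it runs on.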


