
Re: icmp: echo reply? Am I being attacked?



On Thu, Jul 27, 2000 at 01:15:13PM +0100, Nuno Faria wrote:
> Ranko Veselinovic <rvjunior@gmx.net> sent me privately the following
> e-mail which I think might be relevant for the issue in question:
> _______________________
> I'm not sure but I think when you send an ICMP ECHO-Request to a
> broadcast address that the whole network will answer with echo-replies.
> I think this is a kind of smurf-attack and the address where the replies
> were sent is the target of the attacker. You were just abused for this
> attack.

Yes, you've been used as a smurf amplifier. The best course of action is
to not route broadcast addresses. (I.e., packets going to .0 are blocked
at the router.) Another approach is to 
	echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
on the Linux machines. (Try putting it in a startup script.) That will
keep them from replying to broadcast echoes.

-- 
Mike Stone
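
One way to audit a host for the setting described in the message above, as an added example that is not part of the original thread. The function names and the ROOT argument are hypothetical, and it assumes the setting is persisted through `net.ipv4.icmp_echo_ignore_broadcasts` in `/etc/sysctl.conf` or `/etc/sysctl.d/*.conf` rather than the startup script the message suggests.

```shell
#!/bin/sh
# Added example: audit a Linux host for the smurf-amplifier mitigation.
# ROOT (first argument) is a hypothetical parameter so the same check can run
# against "/" or against a mounted image / constructed test tree.

KEY_PATH=proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
KEY_RE='net\.ipv4\.icmp_echo_ignore_broadcasts'

# runtime_state ROOT -> "ignoring", "replying" or "unknown"
runtime_state() {
    root="${1:-/}"; root="${root%/}"
    f="$root/$KEY_PATH"
    [ -r "$f" ] || { echo unknown; return; }
    case "$(tr -d ' \t\n' < "$f")" in
        1) echo ignoring ;;   # broadcast echo requests are dropped
        0) echo replying ;;   # host will answer broadcast pings
        *) echo unknown ;;
    esac
}

# persisted_state ROOT -> "1", "0" or "unset".
# Simplification: the last uncommented assignment wins, scanning
# etc/sysctl.conf first and then etc/sysctl.d/*.conf in glob order;
# the real load order can differ between distributions.
persisted_state() {
    root="${1:-/}"; root="${root%/}"
    val=unset
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*$KEY_RE[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*\$/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# audit ROOT -> prints both states; succeeds only if the host ignores
# broadcast echoes now AND the setting will survive a reboot.
audit() {
    rt=$(runtime_state "$1")
    pv=$(persisted_state "$1")
    echo "runtime=$rt persisted=$pv"
    [ "$rt" = ignoring ] && [ "$pv" = 1 ]
}
```

Run `audit /` on the machine itself; a non-zero exit status means the host either answers broadcast echoes now or will do so again after a reboot.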


