On Sat, 13 Jun 1998, Karl Denninger wrote:
On Sat, Jun 13, 1998 at 10:14:11AM +0200, Mikael Abrahamsson wrote:
On Sat, 13 Jun 1998, Jared Mauch wrote:
One other thing, it would be interesting if someone started a smurf at a smurf amp. (I'm tired, but believe that can be done, but not going to think too much about it. The loop would be interesting, and require some fun intervention to fix).
I think this is the way of the future when smurf amps get fixed. People will put these kinds of things on hacked machines, sending spoofed floods to broadcast addresses locally. Since everybody seems to be going to switched nets this can create a substantial amount of data.
I think the only way to solve this more permanently is to remove the response of ICMP data to broadcast addresses in the OS. Is anyone pressuring for this to happen? Is there a list of OSes that actually do respond to ICMP to broadcast addresses?
Recent FreeBSD versions have an option to disable response to a broadcast ICMP.
Solaris also has this ability. You need to use the /usr/sbin/ndd utility to turn this off. The RFCs say that responding to directed broadcast should be on (this has been hashed out here before), so the *nix vendors leave it enabled in the default config. On Solaris 2.5.1 the following should turn off response to directed broadcasts:

    ndd -set /dev/ip ip_forward_directed_broadcasts 0

There are also settings for other types of ICMP broadcast packets. The response to these types of packets may be turned off with the following:

    ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
    ndd -set /dev/ip ip_respond_to_echo_broadcast 0
    ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0

Things could possibly be different on versions of Solaris other than 2.5.1, and different patch levels can affect these things also. So be careful when you are doing this.

bye,
ken emery
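
An audit of the four /dev/ip parameters named in the message above, added here as an example; it is not part of the original thread. It reports which settings are already 0, prints the ndd -set line for those that are not, and flags parameters a given release does not expose. The NDD_GET variable, the function names and the sample_ndd stub with its values are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: audit the Solaris /dev/ip broadcast
# parameters listed in the post and print only the fixes still needed.

# Assumption: NDD_GET is the command used to read one parameter. The default
# is the Solaris read form of ndd; it can be pointed at a stub for testing.
NDD_GET=${NDD_GET:-"ndd -get /dev/ip"}

PARAMS="ip_forward_directed_broadcasts
ip_respond_to_address_mask_broadcast
ip_respond_to_echo_broadcast
ip_respond_to_timestamp_broadcast"

# Prints one line per parameter:
#   OK <name>                      value is already 0
#   FIX ndd -set /dev/ip <name> 0  value is non-zero, command to apply
#   UNKNOWN <name>                 read failed (other release or patch level)
audit_broadcast_params() {
    for p in $PARAMS; do
        val=$($NDD_GET "$p" 2>/dev/null) || val=""
        case "$val" in
            0)      echo "OK $p" ;;
            [1-9]*) echo "FIX ndd -set /dev/ip $p 0" ;;
            *)      echo "UNKNOWN $p" ;;
        esac
    done
}

# Constructed stub standing in for ndd on a non-Solaris machine.
# The values are made up: one parameter off, two on, one not present.
sample_ndd() {
    case "$1" in
        ip_forward_directed_broadcasts)       echo 0 ;;
        ip_respond_to_address_mask_broadcast) echo 1 ;;
        ip_respond_to_echo_broadcast)         echo 1 ;;
        *)                                    return 1 ;;
    esac
}

# Use the real ndd when it exists, otherwise fall back to the stub.
if ! command -v ndd >/dev/null 2>&1; then
    NDD_GET=sample_ndd
fi
audit_broadcast_params
```

Values set with ndd -set do not survive a reboot, so the FIX lines also need to go into a boot-time script to stay in effect.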