Thanks for the excellent reply, although you forgot to mention that every other ICMP message, including error messages, timestamps, and such, MUST discard broadcast/multicast. Echo is the _only_ MAY be discarded.

As the discussion notes, there was some controversy. I vaguely remember the discussion at the time. But _all_ the stacks that I've ever worked on follow the MAY and _do_ the discard. Maybe I should join a *nix group.

We need to put pressure on vendors (especially router vendors and large commercial host vendors) to _discard_ by default.

I am unaware of any troubleshooting value. After all, should you want to scan for hosts, use SNMP. Or increment your ping address. Lots of simple harmless ways to do the same thing. Especially since you need to know the (now variable) local mask to effectively use a directed broadcast anyway.

Directed broadcast was a kludge in the first place. Maybe it's time to deprecate it entirely.
From: "Craig A. Huegen" <chuegen@quadrunner.com>

Most stack implementors have chosen to respond to it because of its troubleshooting value; then again, the date of the RFC shows why many folks would tend to believe the threat of the attack wouldn't be very large.
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32