There is no noise, only signal. There is no signal, only noise.

On Apr 26, 3:35pm, Craig A. Huegen wrote:
*On Sat, 25 Apr 1998, Rusty Zickefoose wrote:
*
*==> We request that your routers be configurable, at the interface
*==> level, to prevent the forwarding of an ICMP echo-request packet through an
*==> interface that has a broadcast or wire address that matches the
*==> destination address of that packet. We also request that the default
*==> configurations of your routers be modified to prevent said forwarding.
*
*This is against RFC 1812.
*
*RFC 1812, "Requirements for IP Version 4 Routers", Section 5.3.5,
*specifies:
*
*---
* A router MAY have an option to disable receiving network-prefix-
* directed broadcasts on an interface and MUST have an option to
* disable forwarding network-prefix-directed broadcasts. These options
* MUST default to permit receiving and forwarding network-prefix-
* directed broadcasts.
*---

Yes, well, the fact that most vendors do NOT have a knob to turn this off
is also against RFC 1812 (same paragraph, previous sentence) and that's a
big part of the smurf problem.

*Someone has stated before that editor(s) of said RFC are aware of this and
*have discussed the change in default.

No, jhawk said the editor(s) are "certainly aware" of the fact that the RFC
could use some updating. No one said that they actually are aware, nor
whether anyone is making an effort to update the document.

If anyone originally associated with the document IS in fact working to
change RFC 1812, I'd really like to hear about it. Privately or publicly.
Please feel free to forward this note to the relevant parties if you know
them. I have a keen interest in the topic. Thank you.

*Note that I'm not arguing that it *should* be the default, I'm just
*arguing that vendors have implemented it this way because that's the way
*they were told to in the RFC.
*
*If after reading http://www.quadrunner.com/~chuegen/smurf.txt, you think
*that I believe directed-broadcasts should be on by default, go back and
*read again. =)

The point is that forwarding directed broadcasts should be off by default
and that:

1. RFC 1812 should be changed to reflect this and
2. Vendors should modify their code to reflect this

Whether these two things happen in parallel or serial is relevant only
inasmuch as the vendor doth protest that one must come before the other.
They should both occur.

And if a vendor wants to argue that they are in keeping with RFC 1812 by
having the forwarding of directed broadcasts on by default BUT do not have
a knob built in to turn it off, then that looks a bit hypocritical and
they open themselves up to all sorts of taunting.

*Now, since this has been beaten past the jelly stage, can we please put
*the topic to sleep? Thank you.

I seriously doubt that this topic is going to die until Smurf attacks get
quite a bit smaller or go out of vogue.

Just to be clear, Rusty asked whether requesting that the various vendors
in the world create a knob to turn off the forwarding of directed
broadcasts combined with requesting that it is configured off as a default
setting would meet with approval by most of the readers of NANOG, not
whether it was feasible or in keeping with the RFC.

It is a known thing that this type of request doesn't meet the criteria of
the RFC and lots of different folks are hoping that the RFC will change.
I'm wondering whether there's any duplication of effort to that end (or
any effort at all) going on.

Kelly J.

--
Kelly J. Cooper - Internet Security Officer
GTE Internetworking - Powered by BBN - 800-632-7638
150 Cambridge Park Drive                Fax - 617-873-5508
Cambridge, MA 02140                     http://www.bbn.com
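The forwarding decision the thread argues about, as an added example that is not part of the original post or of any vendor's code: a small Python model of a router with directly connected interfaces, each carrying the per-interface knob RFC 1812 5.3.5 requires (the `ip_directed_broadcast` field below stands in for something like Cisco IOS's `ip directed-broadcast` / `no ip directed-broadcast`). It shows why the default matters for smurf: an echo-request to a network's broadcast or wire address, with a spoofed source, is turned into one reply per live host on that LAN when forwarding is permitted, and into nothing when it is not. The interface names, prefixes, host counts and victim address are constructed for the demonstration.

```python
"""Model of RFC 1812 5.3.5 directed-broadcast forwarding and its smurf amplification.
Constructed example: interfaces, host counts and addresses are illustrative only."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple

ICMP_ECHO_REQUEST = 8


@dataclass
class Interface:
    name: str
    network: IPv4Network
    # RFC 1812 5.3.5: the option MUST exist and MUST default to permit forwarding.
    # This is the knob Rusty asked vendors to ship defaulted to False instead.
    ip_directed_broadcast: bool = True

    def is_directed_broadcast(self, dst: IPv4Address) -> bool:
        # Rusty's "broadcast or wire address": the all-ones host address, plus the
        # all-zeros network address, which many stacks of the day also answered as a
        # broadcast.
        return dst in (self.network.broadcast_address, self.network.network_address)


@dataclass
class Packet:
    src: IPv4Address          # in a smurf attack this is the spoofed victim
    dst: IPv4Address
    proto: str = "icmp"
    icmp_type: int = ICMP_ECHO_REQUEST


def _is_echo_request(pkt: Packet) -> bool:
    return pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST


@dataclass
class Router:
    interfaces: List[Interface]
    live_hosts: Dict[str, int]  # constructed: hosts per LAN that answer a broadcast ping

    def egress_for(self, dst: IPv4Address) -> Optional[Interface]:
        # Longest-prefix match over directly connected networks only.
        candidates = [i for i in self.interfaces if dst in i.network]
        return max(candidates, key=lambda i: i.network.prefixlen, default=None)

    def forward(self, pkt: Packet) -> Tuple[str, int]:
        """Return (decision, replies): what the router does with pkt and how many
        echo-replies pkt.src receives. With a spoofed source, `replies` is the
        per-packet amplification the victim sees."""
        iface = self.egress_for(pkt.dst)
        if iface is None:
            return "no-route", 0
        if not iface.is_directed_broadcast(pkt.dst):
            # Ordinary unicast delivery: at most one host answers.
            return f"unicast via {iface.name}", 1 if _is_echo_request(pkt) else 0
        if not iface.ip_directed_broadcast:
            # The knob is off: the packet never reaches the LAN as a broadcast.
            return f"dropped at {iface.name} (directed broadcast)", 0
        # RFC 1812 default: forwarded as a link-layer broadcast, every live host replies.
        replies = self.live_hosts.get(iface.name, 0) if _is_echo_request(pkt) else 0
        return f"broadcast via {iface.name}", replies


def harden(router: Router) -> Router:
    """Apply the requested default (`no ip directed-broadcast`) on every interface."""
    for iface in router.interfaces:
        iface.ip_directed_broadcast = False
    return router


def build_demo_router() -> Router:
    # Constructed: documentation ranges, not real networks.
    return Router(
        interfaces=[
            Interface("eth0", IPv4Network("192.0.2.0/24")),
            Interface("eth1", IPv4Network("198.51.100.0/25")),
        ],
        live_hosts={"eth0": 180, "eth1": 40},
    )


VICTIM = IPv4Address("203.0.113.9")  # constructed: the spoofed source address

if __name__ == "__main__":
    r = build_demo_router()
    for dst in ("192.0.2.255", "192.0.2.0", "198.51.100.127", "192.0.2.10", "10.9.9.9"):
        print(f"{dst:>16} -> {r.forward(Packet(VICTIM, IPv4Address(dst)))}")
    harden(r)
    print("after hardening:", r.forward(Packet(VICTIM, IPv4Address("192.0.2.255"))))
```

Running it shows the asymmetry the thread is about: one echo-request to 192.0.2.255 yields 180 replies to the victim under the RFC 1812 default and none after `harden()`, while unicast traffic is unaffected either way. The model is deliberately limited to directly connected networks and to ICMP echo; the same forwarding decision applies to any protocol sent to a directed-broadcast address.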