Bug 17550
Summary: | default 2.2.14 kernel responds to ICMP broadcasts -- smurf attack amplifier | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | jose nazario <jose> |
Component: | kernel | Assignee: | Arjan van de Ven <arjanv> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.2 | CC: | pekkas |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2002-01-18 17:22:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
jose nazario
2000-09-15 20:15:23 UTC
whoops, some typos: the default value of the kernel variable to ignore ICMP echo broadcasts is set to 0, meaning it will respond to ICMP_ECHO_REQUEST broadcasts. this value is stored in: /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts Having the kernel respond to broadcast pings can be useful in debugging, among other things. Broadcast pings should be filtered out in routers/firewalls. Agreed, this is not a bug, this is a characteristic of TCP/IP that should be dealt with when designing your firewall. |