Red Hat Bugzilla – Bug 17550
default 2.2.14 kernel responds to ICMP broadcasts -- smurf attack amplifier
Last modified: 2008-05-01 11:37:58 EDT
this one is really simple. the default value of the kernel variable to ignore ICMP echo broadcasts is set to , meaning it will respond to
ICMP_ECHO_REQUEST broadcasts. this means that a default RH6.2 installation can be used as a smurf attack amplifier. this is not good. a
description of the smurf attack is really quite simple: forge an ICMP_ECHO_REQUEST from a host and send it to a broadcast address, and the
responses will overwhelm it, pushing it off the network. this is described in a CERT note: http://www.cert.org/advisories/CA-98.01.smurf.html .
bad. sysctl this variable by default to 1 to ignore the broadcasts.
(yes, other kernel stuff like this is coming soon).
whoops, some typos:
the default value of the kernel variable to ignore ICMP echo broadcasts is set to 0, meaning it will respond to
ICMP_ECHO_REQUEST broadcasts. this value is stored in:
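The bug report does not name the variable on this page. The following audit/hardening script is an added example, not part of the report or of Red Hat's packaging; it assumes the standard Linux sysctl name net.ipv4.icmp_echo_ignore_broadcasts (exposed under /proc/sys/net/ipv4/), and the SYSCTL_PATH override exists only so the check can be exercised against a file you construct yourself.

```shell
#!/bin/sh
# Added example (not from the bug report): audit and harden the kernel's
# handling of ICMP echo requests sent to broadcast addresses.
# Assumption: the setting is the standard Linux sysctl
# net.ipv4.icmp_echo_ignore_broadcasts; the report itself does not name it.

SYSCTL_NAME="net.ipv4.icmp_echo_ignore_broadcasts"
SYSCTL_PATH="${SYSCTL_PATH:-/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts}"

# classify_value VALUE
#   0 -> "amplifier" (host answers broadcast pings; the report's default)
#   1 -> "ignoring"  (hardened value the report asks for)
#   anything else -> "unknown"
# Exit status is 0 only for the hardened value.
classify_value() {
    case "$1" in
        1) echo "ignoring";  return 0 ;;
        0) echo "amplifier"; return 1 ;;
        *) echo "unknown";   return 2 ;;
    esac
}

# read_setting [PATH]
# Prints the current value with whitespace stripped, or "missing" when the
# file cannot be read (non-Linux host, or /proc not mounted).
read_setting() {
    path="${1:-$SYSCTL_PATH}"
    if [ -r "$path" ]; then
        tr -d '[:space:]' < "$path"
    else
        echo "missing"
    fi
}

# audit_host
# One-line report of the live setting; exit status 1 when the host would
# respond to broadcast echo requests (or the state cannot be determined).
audit_host() {
    value=$(read_setting "$SYSCTL_PATH")
    state=$(classify_value "$value")
    echo "$SYSCTL_NAME = $value ($state)"
    [ "$state" = "ignoring" ]
}

# harden
# Set the value to 1 now and persist it across reboots. Needs root.
# Writing the /proc file works on kernels predating the sysctl(8) tool;
# /etc/sysctl.conf is the conventional place to keep the setting.
harden() {
    echo 1 > "$SYSCTL_PATH" || return 1
    if ! grep -q "^$SYSCTL_NAME" /etc/sysctl.conf 2>/dev/null; then
        echo "$SYSCTL_NAME = 1" >> /etc/sysctl.conf
    fi
    audit_host
}

# Usage: sh this_script.sh audit | harden
case "${1:-}" in
    audit)  audit_host ;;
    harden) harden ;;
esac
```

Run `sh this_script.sh audit` on a host to see whether it would answer broadcast pings; the non-zero exit status makes it usable from a configuration-check job. The weak and hardened states are kept in classify_value so the policy is testable without touching /proc.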
Having the kernel respond to broadcast pings can be useful in debugging, among other things.
Broadcast pings should be filtered out in routers/firewalls.
Agreed, this is not a bug, this is a characteristic of TCP/IP that should
be dealt with when designing your firewall.