Bug 17550 - default 2.2.14 kernel responds to ICMP broadcasts -- smurf attack amplifier
Summary: default 2.2.14 kernel responds to ICMP broadcasts -- smurf attack amplifier
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel   
(Show other bugs)
Version: 6.2
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-09-15 20:15 UTC by jose nazario
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-18 17:22:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description jose nazario 2000-09-15 20:15:23 UTC
this one is really simple. the default value of the kernel variable to inore ICMP echo broadcasts is set to , meaning it will respond to 
ICMP_ECHO_REQUEST broadcasts. this means that a default RH6.2 installation can be used as smurf attack amplifier. this is not good. a 
descriptin of the smurf attack is really quite simple: forge an ICMP_ECHO_REQUEST from a host and send it to a broadcast address, and the 
responses will overwhelm it, pushing it off the network. this is described in a CERT note: http://www.cert.org/advisories/CA-98.01.smurf.html .

bad. sysctl this variable by defualt to 1 to ignore the broadcasts. 

(yes, other kernel stuff like this is coming soon).

Comment 1 jose nazario 2000-09-15 20:19:25 UTC
whoops, some typos:

the default value of the kernel variable to ignore ICMP echo broadcasts is set to 0, meaning it will respond to 
 ICMP_ECHO_REQUEST broadcasts. this value is stored in:

/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts


Comment 2 Pekka Savola 2000-09-15 22:56:38 UTC
Having the kernel respond to broadcast pings can be useful in debugging, among other things. 

Broadcast pings should be filtered out in routers/firewalls.




Comment 3 Michael K. Johnson 2002-01-18 21:12:43 UTC
Agreed, this is not a bug, this is a characteristic of TCP/IP that should
be dealt with when designing your firewall.


Note You need to log in before you can comment on or make changes to this bug.