Re: Smurf attack

From: Ralf Baechle (ralf@uni-koblenz.de)
Date: Fri May 19 2000 - 03:53:34 EST


On Thu, May 18, 2000 at 07:47:31AM -0400, Mike Black wrote:

> We're currently running 2.2.15pre18.
> We were subjected to a ping smurf attack this week and I tried to disable
> icmp broadcasts with:
> echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> The pings to x.x.x.255 and x.x.x.0 still caused the machine(s) to respond.
> I also tried to raise the icmp_echoreply_rate to 1000 with no effect.
>
> Is there something I'm missing here? Why aren't these working?

Echo to the broadcast address is something unusual but otherwise a
perfectly legal operation. I just cannot see any legal use from the
outside. I therefore suggest that you use a packet filter on your
border routers to filter the entire traffic to the .255 address.

icmp_echo_ignore_broadcasts only controls if the machine itself will
answer to broadcast ICMP_ECHO_REPLY packets. It doesn't affect routing
of these packets. Similar for icmp_echoreply_rate.

  Ralf

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
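
The border-filter decision suggested in the reply above, sketched as an added example that is not part of the original message. It goes beyond the .255 case by deriving the all-zeros and all-ones address of each subnet, since .255 is the broadcast address only for a /24. The subnets, sample packets and function names are constructed assumptions.

```python
import ipaddress

# Assumed internal subnets behind the border router (documentation ranges, constructed).
INTERNAL_NETS = ["192.0.2.0/24", "198.51.100.64/26"]

def broadcast_targets(cidrs):
    """Map each subnet's all-zeros and all-ones address to the subnet it belongs to."""
    targets = {}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4 or net.prefixlen >= 31:
            continue  # no broadcast address on /31, /32 or IPv6
        targets[net.network_address] = net    # the "x.x.x.0" style address
        targets[net.broadcast_address] = net  # the "x.x.x.255" style address
    return targets

def filter_inbound(packets, targets):
    """Split inbound (src, dst, proto) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for src, dst, proto in packets:
        hit = targets.get(ipaddress.ip_address(dst))
        if hit is not None:
            # Any protocol is dropped: the advice is to filter all traffic to these addresses.
            dropped.append((src, dst, proto, str(hit)))
        else:
            forwarded.append((src, dst, proto))
    return forwarded, dropped

# Constructed sample traffic arriving on the outside interface.
SAMPLE = [
    ("203.0.113.200", "192.0.2.255", "icmp"),     # broadcast of the /24
    ("203.0.113.200", "192.0.2.0", "icmp"),       # all-zeros address of the /24
    ("203.0.113.200", "192.0.2.17", "icmp"),      # ordinary host, passes
    ("203.0.113.200", "198.51.100.127", "udp"),   # broadcast of the /26, not a .255
    ("203.0.113.200", "198.51.100.255", "icmp"),  # .255, but not one of our subnets
]

if __name__ == "__main__":
    fwd, drop = filter_inbound(SAMPLE, broadcast_targets(INTERNAL_NETS))
    for src, dst, proto, net in drop:
        print(f"DROP    {proto:4} {src} -> {dst} (broadcast/network address of {net})")
    for src, dst, proto in fwd:
        print(f"FORWARD {proto:4} {src} -> {dst}")
```
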


