Bugtraq mailing list archives
Re: `smurf' multi-broadcast icmp attack
From: jlewis () INORGANIC5 FDT NET (Jon Lewis)
Date: Thu, 16 Oct 1997 11:10:06 -0400
On Thu, 16 Oct 1997, Therapy? wrote:
My host has been abused for flooding with the "smurf-exploit", posted to bugtraq, so I patched my kernel to do not reply to ICMP_ECHO addressed to an IP address which doesnt belong to the host (broadcasted pkt).
Why hack and slash at your kernel when you can accomplish the same goal with ipfwadm? ipfwadm -I -a deny -P icmp -D 123.123.123.0 -S 0/0 0 8 ipfwadm -I -a deny -P icmp -D 123.123.123.255 -S 0/0 0 8 replace 123.123.123.0 and 123.123.123.255 with the actual network and broadcast addresses for your lan.
I recommand to install icmplog included in the iplogger packet, available at ftp://ftp.tu-graz.ac.at/pub/linux/redhat-contrib/SRPMS/iplogger-0.1-1.src.rpm to find out if you're abused by smurf to flood..
If you're being used as a smurf amplifier...you'll know. ------------------------------------------------------------------ Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
Current thread:
- `smurf' multi-broadcast icmp attack T. Freak (Oct 12)
- Re: `smurf' multi-broadcast icmp attack Craig A. Huegen (Oct 13)
- Re: `smurf' multi-broadcast icmp attack Ben (Oct 13)
- broadcast ip scanning script hyped (Oct 13)
- Re: `smurf' multi-broadcast icmp attack Therapy? (Oct 16)
- Re: `smurf' multi-broadcast icmp attack Jon Lewis (Oct 16)
- Update - Seattle Lab Slmail v2.5 for NT vulnerable David LeBlanc (Oct 16)
- wwwcount remote exploit Nicolas Dubee (Oct 16)
- Re: wwwcount remote exploit (@ Solaris) Jan Wedekind (Oct 17)
- Security Hole in Explorer 4.0 Aleph One (Oct 17)
- computer immunology VaX#n8 (Oct 17)
- Jabadoo Security Hack Aleph One (Oct 17)
- WinNT syscalls insecurity Solar Designer (Oct 19)
- Re: WinNT syscalls insecurity Roger Espel Llima (Oct 18)
- Run, RunOnce and Uninstall Registry Keys Vulnerability Aleph One (Oct 16)
- <Possible follow-ups>
- Re: `smurf' multi-broadcast icmp attack Brad Powell (Oct 16)