Security Incidents mailing list archives
Re: Smurf/broadcast "pings"
From: ed () XWING CENTIGRAM COM (UnixGeek)
Date: Thu, 6 Apr 2000 17:11:58 -0700
I think you misunderstood the tech's explanation. Anything should reply to a broadcast. The problem is when a single broadcast packet elicits multiple replies. We have a PIX, and it certainly isn't a smurf amplifier. If yours is, check your config.

Edward Mitchell
Centigram
Unix Geek, BOfH, Network Admin, Darth Sysadmin
ed () xwing centigram com
http://xwing.centigram.com/ed
Sheepish Lord of Chaos
--------------------------------------------------------------
"Fear leads to anger. Anger leads to hate. Hate leads to using Windows NT for mission-critical applications." -- What Yoda *meant* to say

On Wed, 5 Apr 2000, Dennis DeDonatis wrote:
> When I asked Cisco about my PIX firewall responding to pings to the broadcast address on its internal and external interfaces, the following is their response:
>
> I do not have your pix configuration attached in the case. If you are attempting to ping the broadcast address, which is the broadcast for the outside interface of the pix, the pix outside interface will respond to a broadcast - as will any normal network device. That is the normal behavior of the outside interface of the pix. There is no way to disable this feature at this present time. This is not considered a defect, this is the normal behavior.
>
> Does anyone else see this as a problem to have a security device act as a SMURF amplifier, or am I just nuts? Being nuts is a good possibility, but I thought I'd ask you guys before I assumed I was nuts. :)
>
> Thanks,
> Dennis
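Added example, not part of either message in this thread: a check for the distinction drawn above, counting how many distinct hosts answer an echo request sent to a network's broadcast address. The capture lines, addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (simplified tcpdump-style text); addresses are documentation ranges.
SAMPLE = """\
10:00:00.000 IP 198.51.100.7 > 192.0.2.255: ICMP echo request, id 4242, seq 1
10:00:00.001 IP 192.0.2.1 > 198.51.100.7: ICMP echo reply, id 4242, seq 1
10:00:00.002 IP 192.0.2.10 > 198.51.100.7: ICMP echo reply, id 4242, seq 1
10:00:00.002 IP 192.0.2.11 > 198.51.100.7: ICMP echo reply, id 4242, seq 1
10:00:01.000 IP 198.51.100.7 > 203.0.113.255: ICMP echo request, id 4243, seq 1
10:00:01.001 IP 203.0.113.1 > 198.51.100.7: ICMP echo reply, id 4243, seq 1
10:00:02.000 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 4244, seq 1
10:00:02.001 IP 192.0.2.10 > 198.51.100.7: ICMP echo reply, id 4244, seq 1
"""

LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def broadcast_responders(text, networks):
    """Return {broadcast address: set of distinct hosts that answered an
    echo request sent to it}, for the directed broadcasts of `networks`."""
    bcasts = {str(ipaddress.ip_network(n).broadcast_address) for n in networks}
    pending = {}   # (requester, id, seq) -> broadcast address that was pinged
    seen = {}      # broadcast address -> responder addresses
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        probe = (m["id"], m["seq"])
        if m["kind"] == "request" and m["dst"] in bcasts:
            pending[(m["src"], *probe)] = m["dst"]
            seen.setdefault(m["dst"], set())
        elif m["kind"] == "reply" and (m["dst"], *probe) in pending:
            # Reply goes back to the requester; credit it to the pinged broadcast.
            seen[pending[(m["dst"], *probe)]].add(m["src"])
    return seen

def amplifiers(text, networks):
    """Broadcast addresses where a single request drew more than one reply."""
    hits = broadcast_responders(text, networks)
    return {addr: len(hosts) for addr, hosts in hits.items() if len(hosts) > 1}

if __name__ == "__main__":
    print(amplifiers(SAMPLE, ["192.0.2.0/24", "203.0.113.0/24"]))
```

In the sample, the network where only one device answers the broadcast is not reported, while the network where three hosts answer one request is.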