Security Incidents mailing list archives

Re: Smurf/broadcast "pings"


From: ed () XWING CENTIGRAM COM (UnixGeek)
Date: Thu, 6 Apr 2000 17:11:58 -0700


I think you misunderstood the tech's explanation.  Anything should reply
to a broadcast.  The problem is when a single broadcast packet elicits
multiple replies.  We have a PIX, and it certainly isn't a smurf
amplifier.  If yours is, check your config.

                            Edward Mitchell
        Centigram Unix Geek, BOfH, Network Admin, Darth Sysadmin
                         ed () xwing centigram com
                      http://xwing.centigram.com/ed
                          Sheepish Lord of Chaos
--------------------------------------------------------------
"Fear leads to anger. Anger leads to hate. Hate leads to using
Windows NT for mission-critical applications."
     -- What Yoda *meant* to say

On Wed, 5 Apr 2000, Dennis DeDonatis wrote:

When I asked Cisco about my PIX firewall responding to pings to
the broadcast address on its internal and external interfaces, the
following is their response:

 I do not have your pix configuration attached in the case. If you are
 attempting to ping the broadcast address, which is the broadcast for
 the outside interface of the pix, the pix outside interface will
 respond to a broadcast, as will any normal network device. That is
 the normal behavior of the outside interface of the pix. There is no
 way to disable this feature at this present time. This is not
 considered a defect, this is the normal behavior.

Does anyone else see this as a problem to have a security device
act as a SMURF amplifier, or am I just nuts?

Being nuts is a good possibility, but I thought I'd ask you guys
before I assumed I was nuts. :)

Thanks,

Dennis
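The distinction Ed draws above (one reply per broadcast request is normal; many replies per request is amplification) is easy to check from a packet log. The following is an added example, not code from either poster or from Cisco: it walks a list of constructed ICMP records, matches echo replies to each echo request sent to a subnet's directed broadcast address, and reports how many hosts answered. The record layout, the sample addresses and the one-second matching window are assumptions for the example.

```python
# Added example (not part of the original mailing list thread): count how many
# ICMP echo replies a single echo request to a broadcast address elicits.
# One reply is the "normal device" behaviour the Cisco tech described;
# several replies mean the segment is acting as a smurf amplifier.

import ipaddress

# Constructed sample packet records (not captured from a real network).
# Fields: timestamp, src, dst, icmp_type (8 = echo request, 0 = echo reply), icmp_id
SAMPLE_PACKETS = [
    (1.000, "10.0.0.9",    "192.0.2.255", 8, 0x1234),  # request to directed broadcast
    (1.002, "192.0.2.1",   "10.0.0.9",    0, 0x1234),  # reply from the firewall interface
    (1.003, "192.0.2.20",  "10.0.0.9",    0, 0x1234),  # reply from an inside host
    (1.004, "192.0.2.21",  "10.0.0.9",    0, 0x1234),  # reply from another inside host
    (2.000, "10.0.0.9",    "192.0.2.1",   8, 0x1235),  # ordinary unicast request
    (2.002, "192.0.2.1",   "10.0.0.9",    0, 0x1235),  # its single reply
]


def is_broadcast(dst: str, network: ipaddress.IPv4Network) -> bool:
    """True if dst is the subnet's directed broadcast or the limited broadcast."""
    addr = ipaddress.IPv4Address(dst)
    return addr == network.broadcast_address or addr == ipaddress.IPv4Address("255.255.255.255")


def amplification_report(packets, network: str, window: float = 1.0):
    """Map each broadcast echo request to the replies it elicited.

    A reply is attributed to a request when it is an echo reply addressed
    back to the request's source, carries the same ICMP identifier, and
    arrives within `window` seconds of the request.
    """
    net = ipaddress.IPv4Network(network)
    requests = [p for p in packets if p[3] == 8 and is_broadcast(p[2], net)]
    report = {}
    for ts, src, dst, _, icmp_id in requests:
        replies = [
            p for p in packets
            if p[3] == 0 and p[2] == src and p[4] == icmp_id and ts <= p[0] <= ts + window
        ]
        report[(src, dst, icmp_id)] = {
            "replies": len(replies),
            "responders": sorted({p[1] for p in replies}),
        }
    return report


def amplifiers(report, threshold: int = 1):
    """Return only the broadcast requests that drew more than `threshold` replies."""
    return {key: val for key, val in report.items() if val["replies"] > threshold}


if __name__ == "__main__":
    rep = amplification_report(SAMPLE_PACKETS, "192.0.2.0/24")
    for key, val in amplifiers(rep).items():
        src, dst, icmp_id = key
        print(f"{src} -> {dst} (id {icmp_id:#x}): {val['replies']} replies from {val['responders']}")
```

Run against the constructed sample, the single broadcast request draws three replies, so the segment is flagged as an amplifier while the unicast request is ignored. On a real capture the same logic applied to traffic arriving on the outside interface tells you whether only the firewall answers (the behaviour Cisco calls normal) or whether inside hosts are answering through it, which is the case worth fixing in the configuration.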


