Security Incidents mailing list archives
(no subject)
From: warren () BELFER ORG (Warren Belfer)
Date: Tue, 11 Apr 2000 20:57:09 -0700
From: UnixGeek <ed () XWING CENTIGRAM COM>
Subject: Re: Smurf/broadcast "pings"
I think you misunderstood the tech's explanation. Anything should reply to a broadcast.
I'm sure I'm missing something here but "anything" does not need to respond to a broadcast ping. Both the host requirements document and the router requirements document go to some length to point out the possible problem and the resultant lack of consensus on this issue (even way back then). If a host or router does respond to broadcast pings by default, it should be easy to turn it off. If it cannot be, then it is a problem in this day and age. If the vendor responds with
the normal behavior of the outside interface of the pix. There is no way to disable this feature at this present time. This is not considered a defect, this is the normal behavior.
I am surprised and would consider looking for a different vendor. Really surprised Cisco would say this.
Sort of hard to get another vendor. :-(
Per RFC-1122 sec 3.2.2.6 (which see for further discussion) "An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded."
No, Dennis, you are not nuts.
warren
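
The RFC 1122 sec 3.2.2.6 allowance quoted in the message above, as an added example that is not part of the original post: Python logic a host or filter could use to decide which ICMP Echo Requests to silently discard. The function names, the interface networks and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def classify_destination(dst, local_networks):
    """Classify an Echo Request destination relative to our attached networks.

    Returns 'limited-broadcast', 'multicast', 'directed-broadcast' or 'unicast'.
    """
    addr = ipaddress.IPv4Address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    if addr.is_multicast:  # 224.0.0.0/4
        return "multicast"
    for cidr in local_networks:
        net = ipaddress.IPv4Network(cidr, strict=False)
        # /31 and /32 networks have no broadcast address (RFC 3021),
        # so their highest address is an ordinary host address.
        if net.prefixlen <= 30 and addr == net.broadcast_address:
            return "directed-broadcast"
    return "unicast"

def should_discard_echo_request(dst, local_networks):
    """Apply the RFC 1122 3.2.2.6 'MAY be silently discarded' option."""
    return classify_destination(dst, local_networks) != "unicast"

# Constructed sample data: networks attached to the outside interface and
# (source, destination) pairs of ICMP Echo Requests arriving on it.
LOCAL_NETWORKS = ["192.0.2.0/24", "203.0.113.0/31"]
SAMPLE_ECHO_REQUESTS = [
    ("198.51.100.7", "192.0.2.255"),      # directed broadcast of the /24
    ("198.51.100.7", "192.0.2.10"),       # ordinary host
    ("198.51.100.7", "255.255.255.255"),  # limited broadcast
    ("198.51.100.7", "224.0.0.1"),        # all-hosts multicast
    ("198.51.100.7", "203.0.113.1"),      # top address of a /31: a host
]

def discarded_requests(requests, local_networks):
    """Return (src, dst, reason) for every request that would be dropped."""
    out = []
    for src, dst in requests:
        kind = classify_destination(dst, local_networks)
        if kind != "unicast":
            out.append((src, dst, kind))
    return out

if __name__ == "__main__":
    for src, dst, kind in discarded_requests(SAMPLE_ECHO_REQUESTS, LOCAL_NETWORKS):
        print(f"drop echo request {src} -> {dst} ({kind})")
```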