nanog mailing list archives

Re: Smurfing


From: "William Allen Simpson" <wsimpson () greendragon com>
Date: Sat, 14 Feb 98 15:02:00 GMT

Thanks for the excellent reply, although you forgot to mention that
every other ICMP message, including error messages, timestamps, and
such, MUST discard broadcast/multicast.  Echo is the _only_ MAY be
discarded.

As the discussion notes, there was some controversy.  I vaguely remember
the discussion at the time.  But _all_ the stacks that I've ever worked
on follow the MAY and _do_ the discard.  Maybe I should join a *nix
group.  We need to put pressure on vendors (especially router vendors
and large commercial host vendors) to _discard_ by default.

I am unaware of any troubleshooting value.  After all, should you want
to scan for hosts, use SNMP.  Or increment your ping address.  Lots of
simple harmless ways to do the same thing.  Especially since you need to
know the (now variable) local mask to effectively use a directed
broadcast anyway.

Directed broadcast was a kludge in the first place.  Maybe it's time to
deprecate it entirely.


From: "Craig A. Huegen" <chuegen () quadrunner com>
Most stack implementors have chosen to respond to it because of its
troubleshooting value; then again, the date of the RFC shows why many
folks would tend to believe the threat of the attack wouldn't be very
large.

WSimpson () UMich edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
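Added example, not part of the original message or of any vendor's stack: a receive-side check for the discard-by-default policy argued for above, in Python. It also shows the point about the local mask: the same destination is a directed broadcast under one prefix length and an ordinary host under another. The function names and the interface addresses (documentation range) are assumptions made for illustration.

```python
import ipaddress

ICMP_ECHO_REQUEST = 8
ICMP_TIMESTAMP_REQUEST = 13
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def is_broadcast_or_multicast(dst, local_ifaces):
    """True if dst is limited broadcast, multicast, or the directed
    broadcast address of a subnet attached to this host.

    local_ifaces: strings such as "192.0.2.10/26" (constructed values).
    """
    addr = ipaddress.IPv4Address(dst)
    if addr == LIMITED_BROADCAST or addr.is_multicast:
        return True
    for iface in local_ifaces:
        net = ipaddress.IPv4Interface(iface).network
        # /31 and /32 links have no broadcast address, so skip them.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return True
    return False


def may_reply(icmp_type, dst, local_ifaces, answer_broadcast_echo=False):
    """Policy as described in the message above:
    - unicast destination: a reply is allowed
    - broadcast/multicast echo request: optional, discarded by default
    - any other ICMP type to broadcast/multicast: always discarded
    """
    if not is_broadcast_or_multicast(dst, local_ifaces):
        return True
    if icmp_type == ICMP_ECHO_REQUEST:
        return answer_broadcast_echo
    return False


if __name__ == "__main__":
    # Constructed sample: the same destination under two different masks.
    for iface in ("192.0.2.10/26", "192.0.2.10/24"):
        verdict = may_reply(ICMP_ECHO_REQUEST, "192.0.2.63", [iface])
        print(f"{iface}: echo to 192.0.2.63 answered={verdict}")
```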

