Bugtraq mailing list archives

Re: `smurf' multi-broadcast icmp attack

From: brad.powell () WEST SUN COM (Brad Powell)
Date: Thu, 16 Oct 1997 08:58:17 -0700


----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 15


Therapy,
Thanks for fix for linux!  In the spirit of sharing, below is a shell
script that is part of titan a tool suite that fixes many of these common
problems in/for Solaris (only/mostly).


=======================================================================
Brad Powell : brad.powell () Sun COM
Sr. Network Security Consultant
Sun Microsystems Inc.
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================
----------
X-Sun-Data-Type: shell-script
X-Sun-Data-Description: shell-script
X-Sun-Data-Name: disable-ping.echo.sh
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 63

#!/bin/sh

# bpowell 06/21/97  script to add the ndd line to disable response to echo
# modifies S69inet
#
# Note
###
# This tool suite was written by and is copyright Brad Powell 1991,
# 1992, 1993, 1994, 1995, and 1996, with help and input from Casper Dik,
# Alec Muffett, Dan Farmer, and Matt Archibald.
#
# The copyright holder disclaims all responsibility or liability with
# respect to its usage or its effect upon hardware or computer
# systems, and maintains copyright as set out in the "LICENCE"
# document which accompanies distribution.
#
# Titan version 0.1
#
# setup
PATH=/usr/ucb:/bin:/usr/bin:/sbin
MYNAME=`basename $0`

# Check for execution by root

    if [ `/usr/xpg4/bin/id -un` != root ]
    then
        echo " "
        echo >&2 "$MYNAME: error: must be run as root."
        echo " "
        exit 1
    fi


#   Introduction

# cat << EOF
#
# This disables ip_respond_to_echo_broadcast so that specific ping crashes
# don't work
# The program modifies /etc/rc2.d/S69inet
#
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# EOF

# echo press enter to continue"\c"
# read YN

if test -f /etc/rc2.d/S??inet
then
                echo "  Now adding the new ndd command"

                ed - /etc/rc2.d/S??inet <<- !
                g/tcp_old_urp_interpretation
                a
                ndd -set /dev/ip ip_respond_to_echo_broadcast 0
                .
                w
                Q
                !

        echo "   Modifcations to rc2.d complete"
fi
        echo "   Done."

Current thread:

Re: `smurf' multi-broadcast icmp attack, (continued)
- - Re: `smurf' multi-broadcast icmp attack Jon Lewis (Oct 16)
  - Update - Seattle Lab Slmail v2.5 for NT vulnerable David LeBlanc (Oct 16)
  - wwwcount remote exploit Nicolas Dubee (Oct 16)
    - Re: wwwcount remote exploit (@ Solaris) Jan Wedekind (Oct 17)
    - Security Hole in Explorer 4.0 Aleph One (Oct 17)
    - computer immunology VaX#n8 (Oct 17)
    - Jabadoo Security Hack Aleph One (Oct 17)
    - WinNT syscalls insecurity Solar Designer (Oct 19)
    - Re: WinNT syscalls insecurity Roger Espel Llima (Oct 18)
  - Run, RunOnce and Uninstall Registry Keys Vulnerability Aleph One (Oct 16)
- Re: `smurf' multi-broadcast icmp attack Brad Powell (Oct 16)