[lug] Smurfing

Greg Horne jeerygh at hotmail.com
Thu Aug 16 10:33:25 MDT 2001


How do I use this command on my inside ethernet device?


>From: Gus Huber <gus at pbx.org>
>Reply-To: lug at lug.boulder.co.us
>To: lug at lug.boulder.co.us
>Subject: Re: [lug] Smurfing
>Date: Wed, 15 Aug 2001 17:11:23 -0500
>
>It would probably be a good idea to make sure you have the following command
>on your inside ethernet interface: no ip directed-broadcast
>
>ie:
>
>interface FastEthernet0/1
>no ip directed-broadcast
>end
>
>which prevents packets from being passed to any broadcast addresses there
>might be on that interface.
>
>	cheers,
>		gus huber <gus at pbx.org>
>
>On Wed, Aug 15, 2001 at 09:03:19PM +0000, Greg Horne wrote:
> > I have the network behind a Cisco 2524 router, which I am pretty sure is
> > configured to only allow outgoing traffic from my IP class.  Do you think it
> > would be okay to leave icmp echo on in the linux boxes or not?
> >
> > Thanks,
> > Greg Horne
> >
> > >From: "John Hernandez" <John.Hernandez at noaa.gov>
> > >Reply-To: lug at lug.boulder.co.us
> > >To: lug at lug.boulder.co.us
> > >Subject: Re: [lug] Smurfing
> > >Date: Wed, 15 Aug 2001 14:33:26 -0600
> > >
> > >Greg Horne wrote:
> > > >
> > > > Hi all!
> > > >
> > > > I recently was reading about Smurfing and decided to test my linux box.  I
> > > > typed this command:
> > > > ping -c 10 -s 1 -q -b 207.202.197.0
> > > >
> > > > and received the output:
> > > >
> > > > WARNING: pinging broadcast address
> > > > PING 207.202.197.0 (207.202.197.0) from 207.202.197.4 : 1(29) bytes of data.
> > > >
> > > > --- 207.202.197.0 ping statistics ---
> > > > 10 packets transmitted, 10 packets received, +63 duplicates, 0% packet loss
> > > >
> > > > The +63 duplicates is what the website I was reading told me to be concerned
> > > > about (http://ibelgique.ifrance.com/secur/docs/smurf.txt)
> > > >
> > > > So I go to http://www.netscan.org and http://www.powertech.no/smurf/ .
> > > > They scan my ip class and say that I'm fine, telling me that I'm not
> > > > being used for Smurfing.  I am confused.  I have that +63 duplicates thing,
> > > > and I'm A. Not being USED for these types of attacks or B.  I'm not vulnerable
> > > > to be used by these attacks?  Which is it?
> > > >
> > > > If I am vulnerable (that +63 duplicates thing again) how can I fix my boxes?
> > > >
> > >
> > >What netscan is telling you is that a router between you and them is
> > >filtering out these "broadcast" pings.  Good thing, and fairly standard
> > >these days.  You do apparently have boxes that respond to network address
> > >pings, but only someone on the local network can cause that behavior
> > >(assuming your first-hop routers are filtering those).  That may or may not
> > >be a matter of concern for you, depending on who uses your network, I
> > >guess.  Most kernels have a parameter that turns off broadcast echo
> > >replies.  On linux: net.ipv4.icmp_echo_ignore_broadcasts = 1.
> > >
> > >-John
> > >
> > >
> > > > Thanks for any help,
> > > > Greg Horne
> > > >
> > > > _________________________________________________________________
> > > > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
> > > >
> > > > _______________________________________________
> > > > Web Page:  http://lug.boulder.co.us
> > > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > >
> > >--
> > >
> > >   - John Hernandez - Network Engineer - 303-497-6392 -
> > >  |  National Oceanic and Atmospheric Administration   |
> > >  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
> > >   ----------------------------------------------------


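Added example, not part of the original thread: a small audit of the two settings the replies above recommend, `no ip directed-broadcast` per router interface and `net.ipv4.icmp_echo_ignore_broadcasts = 1` on the Linux hosts. The sample config text, the sysctl text and the function names are constructed for illustration; "not set" means the platform default applies, which this check does not resolve.

```python
import re

# Constructed sample inputs (not from the thread): an IOS-style config excerpt
# and a sysctl.conf-style file.
SAMPLE_IOS = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
!
end
"""
SAMPLE_SYSCTL = """\
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_echo_ignore_broadcasts = 1
"""

def audit_directed_broadcast(config_text):
    """Map each interface to 'enabled', 'disabled' or 'not set'."""
    states, current = {}, None
    for line in (l.strip() for l in config_text.splitlines()):
        m = re.match(r"interface\s+(.+)$", line)
        if m:
            current = m.group(1)
            states[current] = "not set"
        elif line in ("!", "end", "exit"):
            current = None  # stanza closed
        elif current and re.match(r"(no\s+)?ip directed-broadcast\b", line):
            states[current] = "disabled" if line.startswith("no") else "enabled"
    return states

def ignores_broadcast_echo(sysctl_text):
    """True if the last uncommented assignment sets the key to 1."""
    value = None
    for line in sysctl_text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "net.ipv4.icmp_echo_ignore_broadcasts":
            value = val.strip()  # later assignments override earlier ones
    return value == "1"

if __name__ == "__main__":
    for name, state in audit_directed_broadcast(SAMPLE_IOS).items():
        print(f"{name}: directed-broadcast {state}")
    print("ignores broadcast echo:", ignores_broadcast_echo(SAMPLE_SYSCTL))
```
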



