Some help with broadcasts through a Linux system
Dan Kaminsky
effugas at best.com
Wed Feb 3 22:28:11 GMT 1999
>I think that's an anti-SMURF security measure
>(little blue horrors, I *hate* em, and don't get
>me started on Father Abraham.... :-).
>
>It's done to stop directed broadcasts of ICMP
>packets - the dreaded SMURF attack.
>
>Jeremy.
Banning all directed broadcasts because of abuse is the Windows method of
network security...it's hard to hack something if it's impossible to do in
the first place.
This isn't exactly a bad idea, when you think about it. Can you imagine the
carnage on IRC, land of "How do I get my machine working, my root password
is newbie"? Phear.
This is annoying. The only way I can see to keep the net smurf free would
be to only allow directed broadcasts from trusted IP's that are in the ARP
cache(therefore unspoofable?).
Hurm. Bridged/Routed Broadcasts are much less of a sticky problem than
this.
Yours Truly,
Dan Kaminsky
DoxPara Research
More information about the samba-technical
mailing list