Some help with broadcasts through a Linux system

[Dan Kaminsky]

>I think that's an anti-SMURF security measure
>(little blue horrors, I *hate* em, and don't get
>me started on Father Abraham.... :-).
>
>It's done to stop directed broadcasts of ICMP
>packets - the dreaded SMURF attack.
>
>Jeremy.

Banning all directed broadcasts because of abuse is the Windows method of
network security...it's hard to hack something if it's impossible to do in
the first place.

This isn't exactly a bad idea, when you think about it.  Can you imagine the
carnage on IRC, land of "How do I get my machine working, my root password
is newbie"?  Phear.

This is annoying.  The only way I can see to keep the net smurf free would
be to only allow directed broadcasts from trusted IP's that are in the ARP
cache(therefore unspoofable?).

Hurm.  Bridged/Routed Broadcasts are much less of a sticky problem than
this.


Yours Truly,

    Dan Kaminsky
    DoxPara Research