Some help with broadcasts through a Linux system

Dan Kaminsky effugas at
Wed Feb 3 22:28:11 GMT 1999

>I think that's an anti-SMURF security measure
>(little blue horrors, I *hate* em, and don't get
>me started on Father Abraham.... :-).
>It's done to stop directed broadcasts of ICMP
>packets - the dreaded SMURF attack.

Banning all directed broadcasts because of abuse is the Windows method of
network's hard to hack something if it's impossible to do in
the first place.

This isn't exactly a bad idea, when you think about it.  Can you imagine the
carnage on IRC, land of "How do I get my machine working, my root password
is newbie"?  Phear.

This is annoying.  The only way I can see to keep the net smurf free would
be to only allow directed broadcasts from trusted IP's that are in the ARP
cache(therefore unspoofable?).

Hurm.  Bridged/Routed Broadcasts are much less of a sticky problem than

Yours Truly,

    Dan Kaminsky
    DoxPara Research

More information about the samba-technical mailing list