"broadcast ping" message
Jamie Bowden
ragnar at sysabend.org
Wed Apr 16 11:33:32 PDT 2003
On Wed, 16 Apr 2003, Larry Rosenman wrote:
> --On Wednesday, April 16, 2003 10:58:20 -0700 John Polstra
> <jdp at polstra.com> wrote:
>
> > In article <20030416105033.H46401-100000 at moo.sysabend.org>,
> > Jamie Bowden <ragnar at sysabend.org> wrote:
> >> On Wed, 16 Apr 2003, John Polstra wrote:
> >>
> >> > To make a FreeBSD system respond to broadcast pings, you have to set
> >> > the sysctl variable net.inet.icmp.bmcastecho to 1.
> >>
> >> Shouldn't the default be to DTRT and respond unless disabled? Until now,
> >> the only systems on my network that didn't respond to broadcast pings
> >> were my Windows boxes, but I consider them broken by default. Why has
> >> the default behavior changed, and isn't this a POLA issue?
> >
> > It was changed for security reasons. Responding to broadcast pings
> > creates several potential denial of service attacks.
> It's also against current best practices for ISPs. Even Cisco changed the
> routers to NOT respond to directed-broadcast by default.
>
> The RFC was NOT written for today's internet.
Then submit a draft for a superseding RFC, don't ignore it just because
it's inconvenient. That's a Microsoft attitude.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <alaric at alaric.org.uk>