Re: `smurf' multi-broadcast icmp attack

Brad Powell (brad.powell@WEST.SUN.COM)
Thu, 16 Oct 1997 08:58:17 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jon Lewis: "Re: `smurf' multi-broadcast icmp attack"
Previous message: Therapy?: "Re: `smurf' multi-broadcast icmp attack"
Maybe in reply to: T. Freak: "`smurf' multi-broadcast icmp attack"
Next in thread: Jon Lewis: "Re: `smurf' multi-broadcast icmp attack"

--Boundary_(ID_6NZHygdTp62R8L0icIDseQ)
Content-type: TEXT/PLAIN; CHARSET=US-ASCII; NAME=text
Content-description: text
Content-disposition: ATTACHMENT; FILENAME=text
X-Sun-Charset: us-ascii

Therapy,
Thanks for fix for linux! In the spirit of sharing, below is a shell
script that is part of titan a tool suite that fixes many of these common
problems in/for Solaris (only/mostly).

=======================================================================
Brad Powell : brad.powell@Sun.COM
Sr. Network Security Consultant
Sun Microsystems Inc.
=======================================================================
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.
=======================================================================

--Boundary_(ID_6NZHygdTp62R8L0icIDseQ)
Content-type: TEXT/PLAIN; CHARSET=US-ASCII; NAME=disable-ping.echo.sh
Content-description: shell-script
Content-disposition: ATTACHMENT; FILENAME=disable-ping.echo.sh
X-Sun-Charset: us-ascii
X-Sun-Data-type: shell-script

#!/bin/sh

# bpowell 06/21/97 script to add the ndd line to disable response to echo
# modifies S69inet
#
# Note
###
# This tool suite was written by and is copyright Brad Powell 1991,
# 1992, 1993, 1994, 1995, and 1996, with help and input from Casper Dik,
# Alec Muffett, Dan Farmer, and Matt Archibald.
#
# The copyright holder disclaims all responsibility or liability with
# respect to its usage or its effect upon hardware or computer
# systems, and maintains copyright as set out in the "LICENCE"
# document which accompanies distribution.
#
# Titan version 0.1
#
# setup
PATH=/usr/ucb:/bin:/usr/bin:/sbin
MYNAME=`basename $0`

# Check for execution by root

if [ `/usr/xpg4/bin/id -un` != root ]
then
echo " "
echo >&2 "$MYNAME: error: must be run as root."
echo " "
exit 1
fi

# Introduction

# cat << EOF
#
# This disables ip_respond_to_echo_broadcast so that specific ping crashes
# don't work
# The program modifies /etc/rc2.d/S69inet
#
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# EOF

# echo press enter to continue"\c"
# read YN

if test -f /etc/rc2.d/S??inet
then
echo " Now adding the new ndd command"

ed - /etc/rc2.d/S??inet <<- !
g/tcp_old_urp_interpretation
a
ndd -set /dev/ip ip_respond_to_echo_broadcast 0
.
w
Q
!

echo " Modifcations to rc2.d complete"
fi
echo " Done."

--Boundary_(ID_6NZHygdTp62R8L0icIDseQ)--

Next message: Jon Lewis: "Re: `smurf' multi-broadcast icmp attack"
Previous message: Therapy?: "Re: `smurf' multi-broadcast icmp attack"
Maybe in reply to: T. Freak: "`smurf' multi-broadcast icmp attack"
Next in thread: Jon Lewis: "Re: `smurf' multi-broadcast icmp attack"