Re: ICMP ECHO_REQUESTS to BROADCAST addresses (fwd)

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Tue, 22 Jul 1997 23:13:13 +0100

> Anyone doing serious multicasting might want to take some preventive measures
> with ICMP ECHO_REQUEST packets to the multicast address as well. I don't
> have anything to test it on now, but as I recall, the same behavior, on an
> obviously much smaller scale, is present here as well and could likely slip
> through router rules if not looked at.

One big problem here is customers. The original Linux code didnt reply
to broadcast pings and everyone screamed their network monitor/mapping tool
didnt work with it even though RFC1122 says its merely a MAY

For Linux/*BSD its easy to firewall the relevant addresses in the OS. Also
firewall 255.255.255.255 otherwise people do things like source routed
all host broadcasts