Security Incidents mailing list archives
Smurf/broadcast "pings"
From: dennisd () PARAGONTECH COM (Dennis DeDonatis)
Date: Wed, 5 Apr 2000 08:52:34 -0400
When I asked Cisco about my PIX firewall responding to pings to the broadcast address on its internal and external interfaces, the following is their response:
I do not have your pix configuration attached in the case. If you are attempting to ping the broadcast address, which is the broadcast for the outside interface of the pix, the pix outside interface will respond to a broadcast, as will any normal network device. That is the normal behavior of the outside interface of the pix. There is no way to disable this feature at this present time. This is not considered a defect, this is the normal behavior.
Does anyone else see this as a problem to have a security device act as a SMURF amplifier, or am I just nuts? Being nuts is a good possibility, but I thought I'd ask you guys before I assumed I was nuts. :)

Thanks,
Dennis
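Added example, not part of the original post or of any Cisco material: one way to find, from border packet logs, which local devices answer ICMP echo requests sent to a subnet's broadcast address, the behaviour described in the message above. The packet tuples, the subnet and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log: (source, destination, ICMP type); 8 = echo request,
# 0 = echo reply. Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.255", 8),  # request to the directed broadcast
    ("192.0.2.1", "198.51.100.7", 0),    # e.g. a firewall's outside interface
    ("192.0.2.10", "198.51.100.7", 0),
    ("192.0.2.11", "198.51.100.7", 0),
    ("198.51.100.7", "192.0.2.0", 8),    # old-style all-zeros broadcast
    ("192.0.2.1", "198.51.100.7", 0),
    ("203.0.113.5", "192.0.2.10", 8),    # ordinary unicast ping, not counted
    ("192.0.2.10", "203.0.113.5", 0),
]

def broadcast_targets(subnets):
    """Addresses that act as a broadcast for each local subnet."""
    targets = set()
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if net.num_addresses > 2:  # /31 and /32 have no broadcast address
            targets.update({net.broadcast_address, net.network_address})
    return targets

def find_broadcast_responders(packets, subnets):
    """Return (broadcast echo requests seen, replies per local responder)."""
    nets = [ipaddress.ip_network(c) for c in subnets]
    targets = broadcast_targets(subnets)
    last_request = {}  # claimed source -> destination of its latest request
    requests, responders = 0, Counter()
    for src, dst, icmp_type in packets:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if icmp_type == 8:
            last_request[src_ip] = dst_ip
            requests += dst_ip in targets
        elif icmp_type == 0 and last_request.get(dst_ip) in targets:
            # Reply to a host whose latest request went to a broadcast address.
            if any(src_ip in n for n in nets):
                responders[src] += 1
    return requests, responders

if __name__ == "__main__":
    seen, who = find_broadcast_responders(SAMPLE_PACKETS, ["192.0.2.0/24"])
    print(f"{seen} broadcast echo requests, {sum(who.values())} replies")
    for host, count in who.most_common():
        print(f"  {host} answered {count} time(s)")
```

Every host listed answers on behalf of whatever source address the request claimed, so the reply-to-request ratio is the amplification the subnet offers.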