|
|
Multiple Vendor Smurf Denial of Service Vulnerability
Solution: There are very few ways to prevent being at least partially vulnerable to the attack. Blocking the propagation of IICMP sent to the broadcast address at a border router will prevent your site from being used to stage the attack. Most firewalls will prevent this attack outright -- few allow ICMP echo to pass through in their default configuration, and those that do can be configured to prevent ICMP echo responses from entering the network when there is not a corresponding echo request. In addition, configuring individual machines to not respond to ICMP echo when sent to the broadcast will prevent scenarios where this attack can be used internally to a network. CERT advisory CA-98.01.smurf has a number of helpful details, as well as configuration information for a number of affected systems. Those who believe they are vulnerable, and wish to take action, should refer to this advisory. |
|
Privacy Statement |