|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Host Requirements RFC-1122 Section 3.2.2.6
states An ICMP Echo Request destined to an IP broadcast or IP multicast
address MAY be silently discarded.
|
|
IBM has provided a setting in AIX 4.x to
disable responses to broadcast addresses.
It is not available in AIX 3.x.
Use the "no" command to turn it off or on. NOTE: On AIX 4.x responses are DISABLED by
default.
|
|
no -o
bcastping=0 # disable bcast
ping responses (default)
|
|
Solaris can be set not to respond to broadcast
ICMP echo requests. Add the following
line to your /etc/rc2.d/S69inet startup:
|
|
ndd -set /dev/ip
ip_respond_to_echo_broadcast 0
|
|
Starting with version 2.2.5, FreeBSD's IP stack
does not respond to icmp echo requests destined to broadcast and multicast
addresses by default. The sysctl
parameter for this functionality is net.inet.icmp.bmcastecho.
|
|
Under NetBSD, directed broadcasts can be
disabled by using the sysctl command:
|
|
sysctl -w
net.inet.ip.directed-broadcast=0
|
|
Under Linux, one can use the
CONFIG_IP_IGNORE_ECHO_REQUESTS variable to completely ignore ICMP echo
requests. Of course, this violates
RFC 1122.
|
|
Any system (including Linux) with ipfw can be
protected by adding rules such as:
|
|
ipfwadm -I -a
deny -P icmp -D 123.123.123.0 -S 0/0 0 8
|
|
ipfwadm -I -a
deny -P icmp -D 123.123.123.255 -S 0/0 0 8
|
|
(replace
123.123.123.0 and 123.123.123.255 with your base network number and broadcast
address, respectively)
|