Re: ICMP's & IP src addrs


Richard Fox (rfox@amelia.nas.nasa.gov)
Mon, 19 Sep 88 11:22:41 PDT


<We've certainly been bitten by hosts that respond to broadcasts
<inappropriately, so I'm sympathetic with the idea of being very
<conservative in responding to ICMP broadcasts. But let's not go too
<far. Kent England says you are never allowed to respond to a
<broadcast by sending an ICMP, even if the source of the broadcast is
<an ICMP. I think what should be said is that you never respond to a
<broadcast by sending an ICMP *error* message. If the original
<broadcast is one of the ICMP queries, and the query is well-formed,
<you can certainly send the corresponding response.
<up with some other way to find out your net mask...

By allowing hosts to respond to well formed icmp echo request packets
to the broadcast address you are opening the door to malicious attempts
to swamp a network with data. How so? Ping the broadcast address with
an icmp packet size of 1K or greater. If your ethernet contains quite
a few hosts (100 maybe???) and they all respond to each packet once
every second that's quite a lot of icmp data being generated every second.
Start 2 pings going and watch out. Or if your ping option has the ability
to generate a ping every 10th of a second your ethernet may find itself
heavily congested if not completely unusable if hosts respond to
icmp echo requests to the broadcast address.

I can see some usefulness in allowing some hosts to respond but I really
think this is an area where care must be taken in the hosts requirements doc.

rich
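
[Added example, not part of the original message: a Python sketch of the reply policy under discussion (no ICMP errors in response to a broadcast, echo requests to a broadcast address ignored by default) together with an estimate of the reply traffic for the figures in the message. The function names, the 10 Mbit/s link speed, the per-frame overhead and the sample addresses are assumptions made for the illustration.]

```python
import ipaddress

# ICMP query type -> reply type (RFC 792; address mask 17/18 from RFC 950).
QUERY_REPLY = {8: 0, 13: 14, 15: 16, 17: 18}
ECHO_REQUEST = 8
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def is_broadcast(dst, iface):
    """True if dst is the limited broadcast or the directed broadcast
    of the receiving interface's subnet (iface given as 'addr/prefix')."""
    net = ipaddress.ip_interface(iface).network
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return True
    # /31 and /32 networks have no broadcast address.
    return net.prefixlen < 31 and addr == net.broadcast_address

def may_send_error(dst, iface):
    """ICMP error messages are never sent in response to a broadcast."""
    return not is_broadcast(dst, iface)

def query_reply(dst, iface, icmp_type, answer_broadcast_echo=False):
    """Reply type for a well-formed ICMP query, or None to stay silent.
    Assumed policy: broadcast echo requests are ignored unless enabled."""
    if icmp_type not in QUERY_REPLY:
        return None
    if (icmp_type == ECHO_REQUEST and is_broadcast(dst, iface)
            and not answer_broadcast_echo):
        return None
    return QUERY_REPLY[icmp_type]

def reply_load(hosts, payload, requests_per_sec, link_bps=10_000_000):
    """Fraction of link capacity taken by the echo replies alone."""
    frame = payload + 8 + 20 + 18  # ICMP hdr + IP hdr + Ethernet hdr/FCS
    return hosts * frame * 8 * requests_per_sec / link_bps

if __name__ == "__main__":
    iface = "192.0.2.10/24"  # constructed sample interface
    print(query_reply("192.0.2.255", iface, 8))   # None: echo ignored
    print(query_reply("192.0.2.255", iface, 17))  # 18: mask reply sent
    for rate in (1, 2, 10, 20):  # requests/second seen on the segment
        print(rate, round(reply_load(100, 1024, rate), 3))
```

With 100 responding hosts and 1K of echo data, one request per second already costs about 9% of an assumed 10 Mbit/s segment in replies; at ten requests per second the replies alone approach 86% of capacity.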


