bcast icmp (smurf)

Post by Aj » Fri, 12 Mar 1999 04:00:00



In FreeBSD 2.2.8 (and 3.x)

Is a.b.c.0 the same thing as d.e.f.255? If so, why do I get a bcast ICMP
when I set net.inet.icmp.bmcastecho to 0? (when I ping .0.. blocks the
bcast for .255 though).

How can I make it so I don't get a bcast when I ping to a.b.c.0? Thanks.

 
 
 

1. Dos/smurf/icmp/tcpdump/snmp-mib2

Hi guys:

I am trying to see how a smurf-like ICMP broadcast flooder works (from
site)
http://www.cotse.com/dos.htm

Both the attacker and victim are Red Hat Linux 7.1 boxes (kernel 2.4)
in the same subnet (192.168.1.0)

I create a broadcast file
% echo "192.168.1.255" > bcast
and run smurf in 192.168.250 to attack 192.168.1.100
%./smurf 192.168.1.100 bcast 0 1 100

(FYI: smurf.c v4.0 by TFreak
 usage: ./smurf <target> <bcast file> <num packets> <packet delay> <packet size>
target        = address to hit
bcast file    = file to read broadcast addresses from
num packets   = number of packets to send (0 = flood)
packet delay  = wait between each packet (in ms)
packet size   = size of packet (< 1024)
)

I run tcpdump at 192.168.1.100 (victim)
%tcpdump icmp
and get something like:
%tcpdump icmp
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
14:26:10.668147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request
14:26:10.688147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request
14:26:10.708147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request
14:26:10.728147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request
14:26:10.748147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request

Question: Why is there no echo reply? I also checked SNMP MIB entry
.iso.org.dod.internet.mgmt.mib-2.icmp.icmpInMsgs
It is not incremented.

FYI: I checked
/proc/sys/net/ipv4/icmp_echo_ignore_all
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

ALL 0, that means I am NOT ignoring any broadcast packets
I verify it by checking
%ping -f 192.168.1.100
I do get a  lot of echo replies like:
15:54:33.098147 eth1 < 192.168.1.100 > 192.168.1.82: icmp: echo request
15:54:33.118147   lo > 192.168.1.100 > 192.168.1.100: icmp: echo request (DF)
15:54:33.118147   lo < 192.168.1.100 > 192.168.1.100: icmp: echo request (DF)
15:54:33.118147   lo > 192.168.1.100 > 192.168.1.100: icmp: echo reply (DF)
15:54:33.118147   lo < 192.168.1.100 > 192.168.1.100: icmp: echo reply (DF)
15:54:33.118147   lo > 192.168.1.100 > 192.168.1.100: icmp: echo request (DF)

and SNMP-ICMP entry also incremented.

Question: what else do I need to do to make smurf really "work"?

many thanks
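
A defender-side check for the traffic shown in the two posts above, as an added example that is not part of the original thread: it parses tcpdump lines in the format quoted above and flags ICMP echo requests addressed to a subnet's all-ones broadcast address (.255 on a /24) or to the all-zeros form (.0) that the first post asks about. The /24 prefix, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the tcpdump line format quoted in the thread, e.g.
# "14:26:10.668147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ifc>\S+)\s+[<>]\s+(?P<src>[\d.]+)\s+>\s+"
    r"(?P<dst>[\d.]+):\s+icmp:\s+echo request"
)

def broadcast_forms(network):
    """Both broadcast spellings for a subnet: all-ones and all-zeros host part."""
    net = ipaddress.ip_network(network)
    return {net.broadcast_address, net.network_address}

def find_broadcast_echo(lines, network):
    """Yield (timestamp, claimed_source, destination) for echo requests
    whose destination is one of the subnet's broadcast forms."""
    targets = broadcast_forms(network)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ICMP echo request line
        dst = ipaddress.ip_address(m.group("dst"))
        if dst in targets:
            yield m.group("ts"), m.group("src"), str(dst)

def claimed_sources(lines, network):
    """Count flagged requests per claimed source address; in a smurf
    flood this is the address the replies would be sent to."""
    return Counter(src for _, src, _ in find_broadcast_echo(lines, network))

# Constructed sample input in the thread's tcpdump format (not captured traffic).
SAMPLE = """\
14:26:10.668147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request
14:26:10.688147 eth1 < 192.168.1.100 > 192.168.1.255: icmp: echo request
14:26:10.708147 eth1 < 192.168.1.100 > 192.168.1.0: icmp: echo request
15:54:33.098147 eth1 < 192.168.1.100 > 192.168.1.82: icmp: echo request
15:54:33.118147   lo > 192.168.1.100 > 192.168.1.100: icmp: echo reply (DF)
""".splitlines()

if __name__ == "__main__":
    for ts, src, dst in find_broadcast_echo(SAMPLE, "192.168.1.0/24"):
        print(f"{ts} echo request to broadcast {dst}, claimed source {src}")
    print(claimed_sources(SAMPLE, "192.168.1.0/24"))
```

Whether a host answers such requests is governed by the settings named in the posts: net.inet.icmp.bmcastecho on FreeBSD and /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts on Linux.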
