On Fri, Apr 09, 2004 at 11:19:19AM -0400, Josh Huber wrote:
> Frank Sweetser <fs@WPI.EDU> writes:
> > How about the fact that if you don't, you're open to acting as an unwitting participant in a smurf/fraggle amplification DoS?
>
> I suppose, if you don't enable things like the rp_filter (or equivalent with iptables) and
>
>     echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
>
> I doubt anyone keeps udp echo enabled these days.

That doesn't always work. Not all of these attacks require that the packet sent to your machine be sent to what your machine believes is the broadcast address for your subnet. Think of it this way. Would you leave your back door unlocked and open just because you've only seen people come in and out of the front door?

--
Frank Sweetser fs at wpi.edu
WPI Network Engineer
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
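The settings the thread mentions (icmp_echo_ignore_broadcasts, rp_filter, and whether the udp echo service is still enabled) are easy to forget on a host, so here is an added audit script, written for this page and not part of the original thread or any of the posters' messages. It reads the live /proc and /etc paths on Linux by default, but every function takes a root directory so the checks can be exercised against constructed sample files; the helper names (read_sysctl, audit_amplification, make_sample) and the sample values are the author's own assumptions, as is the treatment of rp_filter=2 (loose mode) as a warning rather than a pass.

```shell
#!/bin/sh
# Added example: audit the Linux knobs discussed in the thread.
# ROOT is "" for the live system, or a directory holding a constructed
# proc/ and etc/ tree for offline testing.

# read_sysctl ROOT NAME -> prints the value of /proc/sys/net/ipv4/NAME,
# or "missing" if the file cannot be read.
read_sysctl() {
    f="$1/proc/sys/net/ipv4/$2"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo missing
    fi
}

# udp_echo_enabled ROOT -> exit 0 if /etc/inetd.conf has an uncommented
# "echo dgram udp" line (the classic fraggle reflector), 1 otherwise.
udp_echo_enabled() {
    f="$1/etc/inetd.conf"
    [ -r "$f" ] && grep -Eq '^[[:space:]]*echo[[:space:]]+dgram[[:space:]]+udp' "$f"
}

# audit_amplification ROOT -> prints one line per check; returns 0 only when
# every check passes.
#   icmp_echo_ignore_broadcasts = 1   (the echo command quoted in the thread)
#   conf/all/rp_filter          = 1   (strict reverse-path filtering; 2 is loose)
#   udp echo in inetd.conf      = off
audit_amplification() {
    root="${1:-}"
    rc=0

    v=$(read_sysctl "$root" icmp_echo_ignore_broadcasts)
    if [ "$v" = "1" ]; then
        echo "ok   icmp_echo_ignore_broadcasts=$v"
    else
        echo "FAIL icmp_echo_ignore_broadcasts=$v (expected 1)"
        rc=1
    fi

    v=$(read_sysctl "$root" conf/all/rp_filter)
    case "$v" in
        1) echo "ok   conf/all/rp_filter=$v (strict)" ;;
        2) echo "warn conf/all/rp_filter=$v (loose; strict=1 preferred)"; rc=1 ;;
        *) echo "FAIL conf/all/rp_filter=$v (expected 1)"; rc=1 ;;
    esac

    if udp_echo_enabled "$root"; then
        echo "FAIL udp echo service enabled in inetd.conf"
        rc=1
    else
        echo "ok   udp echo service not enabled in inetd.conf"
    fi

    return $rc
}

# make_sample ROOT BCAST RPF ECHO -> writes a constructed proc/ and etc/ tree
# (sample data for testing, not captured from a real host). ECHO is yes or no.
make_sample() {
    mkdir -p "$1/proc/sys/net/ipv4/conf/all" "$1/etc"
    echo "$2" > "$1/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
    echo "$3" > "$1/proc/sys/net/ipv4/conf/all/rp_filter"
    if [ "$4" = "yes" ]; then
        printf 'echo\tdgram\tudp\twait\troot\tinternal\n' > "$1/etc/inetd.conf"
    else
        printf '#echo\tdgram\tudp\twait\troot\tinternal\n' > "$1/etc/inetd.conf"
    fi
}
```

Run `audit_amplification ""` on a live Linux host to check the real /proc and /etc. The root-directory parameter is there so the same checks can be run in a test harness or against a mounted image; it also makes the script safe to dry-run, since it only ever reads.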