[PLUG] Routers again <sigh>

drew wymore drew.wymore at gmail.com
Sat Apr 14 00:00:50 UTC 2007 

On 4/13/07, Jason Martin <nsxfreddy at gmail.com> wrote:
>
> On 4/13/07, Larry Brigman <larry.brigman at gmail.com> wrote:
> > On 4/13/07, Jason Martin <nsxfreddy at gmail.com> wrote:
> > > On 4/13/07, Michael Rasmussen <mikeraz at patch.com> wrote:
> > > >
> > > > Larry Brigman wrote:
> > > > > ping -b 192.168.1.0
> > > > > is a broadcast ping to the network. This should respond back with
> > > > > everything on the network that understands ping. Lots of
> duplicates.
> > > >
> > > > Not everything.  Some IP stacks, on Windows for example, don't
> respond to
> > > > broadcast pings.
> > >
> > > Nor should they, given the DDoS amplification potential of broadcast
> > > pings (Smurf attack).  If you need to diagnose between two devices,
> > > use a unicast (standard) ping.  If you need to discover devices on a
> > > subnet, use nmap or some other tool that can automate pinging through
> > > a list of IP addresses.
> > >
> > > Linux allows broadcast ping response to be configured through the
> > > net.ipv4.icmp_echo_ignore_broadcasts sysctl, or via the equivalent
> > > /proc/sys/net entry.  The default is to ignore (1).
> > >
> >
> > It might be default now but not too many kernel versions ago it was 0
> > and would respond.
> > However, most networking equipment and devices like networked
> > printers/print servers
> > will respond.  It is a tool. Useful in some situations.
>
> Looks like the default was changed to disallow broadcast echos in late
> 2005:
>
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ce312467edc270fcbd8a699efabb37ce1802b98
>
> It is a tool.  As I pointed out in my earlier mail, there are
> alternatives that rely on the tool itself to generate unicast
> echo-requests, instead of broadcasting to everyone.  For example, you
> can do an nmap ping scan with the -sP option:
>
> nmap -sP 192.168.1.0/24
>
> The advantage here, is that unlike a broadcast ping, this method
> requires the requester to generate 254 individual icmp-echo-request
> packets, with the expectation of getting up to 254 icmp-echo-reply
> packets back.  With a broadcast ping, the requester sends 1
> icmp-echo-request packet and gets up to n icmp-echo-replies, where n
> is 254/65534/16777214 for a class C/B/A network respectively.  This
> was the smurf technique used to bring down even the largest ISP
> backbones from a single dial-up connection.
>
> Jason
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>


Could script it too

#generate a class C list of IP's
for i < 255; echo 192.168.x.$i; done
#export your IP list and then fping it
for i $iplist; do fping $i; done

More information about the PLUG mailing list