Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: ICMP Broadcast - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ICMP Broadcast
Hi

I recently took a SANS course and am now going through some of the concepts that were discussed in the class. One of the item that was talked about was Smurf attack and how one can spoof IP and send broadcast pings and the victim will receive all the replies.


To start with, within a lab environment I am simply sending a broadcast packet from my internal network to my internal network and capturing the packets. It appears that the reply to broadcast packet is only coming from one of the HP printers, rest of my Windows, Linux machines are not sending any reply back to my ICMP inquiry.

On one of my windows machines I am running Wireshark to see if the broadcast packet actually reaches the machine. It appears that the broadcast packet is reaching to networked machines but no reply is being sent.

I wonder if anyone else has looked into this and knows if the OS/Switches block these by default and how to enable those? I was able to find online a command for Cisco ASA's to disallow these packets but was not able to find information on why windows machine would reply to simple ping messages but not when the ping is sent to broadcast address - which has been verified that it is being received by destination.
Anonymous

Could you share a pcap? Xme

463 Posts
ISC Handler
In theory windows 7's should be sending a reply back to broadcast? I don't have a pcap at this moment to share ... I am running windump through command line to show icmp packets. Anonymous

-

Sign Up for Free or Log In to start participating in the conversation!