[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:17064] Re: many ping packet

é´¨å·ã¨ç”³ã—ã¾ã™ã€‚ã“ã®MLã«æ›¸ãã®ã¯åˆã‚ã¦ã§ã™ã€‚
よã‚ã—ããŠã­ãŒã„ã—ã¾ã™ã€‚

At Wed, 28 Jul 1999 11:44:29 +0900,
Hiroki Onita <nita@xxxxxxxxxx> wrote:

> 実ã¯ä»Šæœã‹ã‚‰ã€ã‚るサイトã‹ã‚‰ã® ping packet ãŒç¶™ç¶šã—ã¦é£›ã‚“ã§ãã¦ã„ã¦ã€
> 対応ã«è‹¦æ…®ã—ã¦ã„ã¾ã™ã€‚åŒã˜ã‚·ã‚¹ãƒ†ãƒ ã‹ã‚‰ã®ã‚ˆã†ãªã®ã§ã™ãŒã€
> ä»Šæœ 9:30 é ƒã‹ã‚‰ã»ã¼ 1 分ãŠãã«ã€ã“ã¡ã‚‰ã§ç®¡ç†ã—ã¦ã„ã‚‹ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®
> 0 㨠255 ã®ã‚¢ãƒ‰ãƒ¬ã‚¹å®›ã¦ã® pingãŒé€ã‚‰ã‚Œã¦ãã¦ã„ã¦ã€ç¾åœ¨(11:40)ã‚‚
> 続ã„ã¦ã„ã¾ã™ã€‚icmplogd ã®å‡ºåŠ›ã¨ netwatch ã§ç¢ºèªã—ã¾ã—ãŸã€‚

ãã‚Œã¯ã„ã‚ゆるã€"smurf" attackã§ã¯ãªã„ã§ã—ょã†ã‹ã€‚
routerã§IP directedãªãƒ–ロードキャストを通ã•ãªã„ã“ã¨ã§è§£æ±ºã§ãã‚‹ã¨æ€ã„ã¾ã™ã€‚

ã‚ãã¾ã§å‚考ã§ã‚ã‚Šã€å„ベンダーã”ã¨ã«è¨­å®šæ–¹æ³•ã¯é•ã†ã¨æ€ã„ã¾ã™ãŒã€
例ãˆã°ã€Ciscoã ã£ãŸã‚‰"no ip directed-broadcast"ã¨ã„ã†è¨­å®šãŒinterfaceã«å¯¾ã—ã¦
指定ã§ãるよã†ã§ã™ã€‚(IOSã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«ã‚‚よるã¨æ€ã„ã¾ã™ãŒ)

ãŸã ã€ä¸€èˆ¬ã«network addressã‚„ã€broadcast addressã¸ã®ã€ICMP ECHOãŒã©ã‚“
ãªç”¨é€”ã«ä½¿ã‚ã‚Œã¦ã„ã‚‹ã®ã‹åƒ•ã¯çŸ¥ã‚‰ãªã„ã®ã§ã€ã“ã®ã‚ˆã†ãªè¨­å®šã‚’ã™ã‚‹ã“ã¨ã§å›°
ã‚‹ã“ã¨ãŒã‚ã‚‹ã‹ã©ã†ã‹ã¯åˆ†ã‹ã‚Šã¾ã›ã‚“。ã”å­˜ã˜ã®æ–¹ã€æ•™ãˆã¦ãã ã•ã‚‹ã¨å¹¸ã„ã§
ã™ã€‚

å‚考資料:
http://www.quadrunner.com/~chuegen/smurf.txt (今見ãŸã¨ãã¯ã€ã¤ãªãŒã‚Šã¾ã›ã‚“ã§ã—ãŸ)
ftp://ftp.cert.org/pub/cert_advisories/CA-98.01.smurf

# Debianã‹ã‚‰é€¸ã‚ŒãŸè©±é¡Œã§è©±ã‚’ã¤ã¥ã‘ã¦ã™ã¿ã¾ã›ã‚“... 
--------------
Hiroki KAMOGAWA <kamo@xxxxxxxxxxxxx>