Subject: kern/4785: net.inet.ip.directed-broadcast=0
To: None <gnats-bugs@gnats.netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: netbsd-bugs
Date: 01/05/1998 20:38:04
>Number: 4785
>Category: kern
>Synopsis: directed bcasts sysctl doesn't turn off icmp replies to bcast addr
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jan 5 20:50:01 1998
>Last-Modified:
>Originator: Wolfgang Rupprecht
>Organization:
W S Rupprecht Computer Consulting, Fremont CA
>Release: NetBSD-current Jan 5, 1998
>Environment:
System: NetBSD capsicum.wsrcc.com 1.3 NetBSD 1.3 (WSRCC) #0: Mon Jan 5 13:44:47 PST 1998 root@capsicum.wsrcc.com:/v/src/netbsd/src/sys/arch/i386/compile/WSRCC i386
>Description:
Following the recommendations in the CERT advisory has no effect on
pings to the broadcast address:

	Under NetBSD you can disable directed broadcast with this command,
	as root:
	# sysctl -w net.inet.ip.directed-broadcast=0
>How-To-Repeat:
(possibly related: compile in and turn on ipfilt packet filtering)
$ sysctl -w net.inet.ip.directed-broadcast=0
$ ping 140.174.88.0
PING ether.wsrcc.com (140.174.88.0): 56 data bytes
64 bytes from 140.174.88.14: icmp_seq=0 ttl=255 time=0.924 ms
64 bytes from 140.174.88.1: icmp_seq=0 DUP! ttl=255 time=1.754 ms
64 bytes from 140.174.88.14: icmp_seq=1 ttl=255 time=1.650 ms
$ ping 140.174.88.127
PING broadcast.wsrcc.com (140.174.88.127): 56 data bytes
64 bytes from 140.174.88.1: icmp_seq=0 ttl=255 time=0.686 ms
64 bytes from 140.174.88.14: icmp_seq=0 DUP! ttl=255 time=1.890 ms
64 bytes from 140.174.88.1: icmp_seq=1 ttl=255 time=1.016 ms
64 bytes from 140.174.88.14: icmp_seq=1 DUP! ttl=255 time=3.375 ms
Both of the above machines are NetBSD 1.3 boxes. Neither
directed-broadcast=0 nor directed-broadcast=1, nor pinging the
x.x.x.255 address, has any effect. Bcast pings are always honored.
>Fix:
?
>Audit-Trail:
>Unformatted:
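
An added example, not part of the original report: a small Python parser for ping output in the format shown under How-To-Repeat. It counts distinct responders per echo request, giving a repeatable check of whether hosts still answer broadcast echo after a configuration change. The function name `summarize` and the result keys are assumptions of this example; the sample text is copied from the transcript in the report.

```python
import re
from collections import defaultdict

# "PING name (a.b.c.d): 56 data bytes" -> the address that was pinged
HEADER = re.compile(r"^PING \S+ \((?P<dst>\d{1,3}(?:\.\d{1,3}){3})\)")
# "64 bytes from a.b.c.d: icmp_seq=N [DUP!] ..." -> one echo reply
REPLY = re.compile(
    r"^\d+ bytes from (?P<src>\d{1,3}(?:\.\d{1,3}){3}): icmp_seq=(?P<seq>\d+)"
)

def summarize(ping_output):
    """Group echo replies by sequence number and report who answered."""
    target = None
    by_seq = defaultdict(list)
    for raw in ping_output.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            target = m.group("dst")
            continue
        m = REPLY.match(line)
        if m:
            by_seq[int(m.group("seq"))].append(m.group("src"))
    responders = sorted({src for srcs in by_seq.values() for src in srcs})
    return {
        "target": target,
        "responders": responders,
        # Most distinct hosts that answered a single echo request.
        "max_replies_per_request": max(
            (len(set(srcs)) for srcs in by_seq.values()), default=0),
        # A reply from any address other than the one pinged means the
        # destination was treated as a broadcast address by that host.
        "answers_broadcast": target is not None
            and any(src != target for src in responders),
    }

# Sample copied from the report's transcript (second ping).
SAMPLE = """\
PING broadcast.wsrcc.com (140.174.88.127): 56 data bytes
64 bytes from 140.174.88.1: icmp_seq=0 ttl=255 time=0.686 ms
64 bytes from 140.174.88.14: icmp_seq=0 DUP! ttl=255 time=1.890 ms
64 bytes from 140.174.88.1: icmp_seq=1 ttl=255 time=1.016 ms
64 bytes from 140.174.88.14: icmp_seq=1 DUP! ttl=255 time=3.375 ms
"""

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against saved ping output before and after changing the setting; an unchanged responder list shows the change had no effect on broadcast echo handling.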