Subject: Re: kern/4785: directed bcasts sysctl doesn't turn off icmp
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Erik E. Fair <fair@clock.org>
List: netbsd-bugs
Date: 01/06/1998 23:45:04
RFC 1122 (host requirements, part 1), section 3.2.2, page 38:
    An ICMP error message MUST NOT be sent as the result of
    receiving:

    * an ICMP error message, or

    * a datagram destined to an IP broadcast or IP multicast
      address, or

    * a datagram sent as a link-layer broadcast, or

    * a non-initial fragment, or

    * a datagram whose source address does not define a single
      host -- e.g., a zero address, a loopback address, a
      broadcast address, a multicast address, or a Class E
      address.

    NOTE: THESE RESTRICTIONS TAKE PRECEDENCE OVER ANY REQUIREMENT
    ELSEWHERE IN THIS DOCUMENT FOR SENDING ICMP ERROR MESSAGES.
Alas, ICMP Echo Reply is not included in the list of "ICMP error messages".
However, later on in section 3.2.2.6:
    3.2.2.6 Echo Request/Reply: RFC-792

    Every host MUST implement an ICMP Echo server function that
    receives Echo Requests and sends corresponding Echo Replies.
    A host SHOULD also implement an application-layer interface
    for sending an Echo Request and receiving an Echo Reply, for
    diagnostic purposes.

    An ICMP Echo Request destined to an IP broadcast or IP
    multicast address MAY be silently discarded.

    DISCUSSION:
        This neutral provision results from a passionate debate
        between those who feel that ICMP Echo to a broadcast
        address provides a valuable diagnostic capability and
        those who feel that misuse of this feature can too
        easily create packet storms.
I suggest that we make the NetBSD default be to silently discard ICMP ECHO
messages that are broadcasts.
chapter & verse,
Erik <fair@clock.org>
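The two RFC 1122 decisions quoted in this message, written out as an added example (this is not NetBSD kernel code and is not from the author of the message). It parses raw IPv4 datagrams and applies the section 3.2.2 list of cases in which no ICMP error may be generated, and separately the section 3.2.2.6 choice of silently discarding an Echo Request sent to a broadcast or multicast address. The `host_cfg` knob names, the 10.0.0.5/24 host and the packets built by `build_pkt` are assumptions constructed for the example; the point of keeping `forward_directed_bcast` and `answer_bcast_echo` as two independent flags is that a directed-broadcast forwarding setting does not, by itself, say anything about whether the echo server answers.

```c
/* Added example (not NetBSD code): the RFC 1122 decisions quoted above,
 * applied to raw IPv4 datagrams. Knob names and addresses are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_ICMP 1
#define PROTO_UDP  17
#define IP_MIN_HDR 20
#define PKT_LEN    28   /* 20-byte IPv4 header + 8 bytes of ICMP/UDP header */

enum { ICMP_ECHO_REPLY = 0, ICMP_UNREACH = 3, ICMP_SQUENCH = 4, ICMP_REDIRECT = 5,
       ICMP_ECHO = 8, ICMP_TIMXCEED = 11, ICMP_PARAMPROB = 12 };

/* Hypothetical host configuration standing in for the kernel's sysctl knobs. */
struct host_cfg {
    uint32_t addr, mask;          /* our address and netmask, host byte order */
    bool forward_directed_bcast;  /* a forwarding knob only; the echo server ignores it */
    bool answer_bcast_echo;       /* the separate default this message proposes */
};

struct rx_info {
    const uint8_t *pkt;  /* raw IPv4 datagram */
    size_t len;
    bool link_bcast;     /* arrived as a link-layer broadcast */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

static bool is_multicast(uint32_t a) { return (a >> 28) == 0xE; }
static bool is_class_e(uint32_t a)   { return (a >> 28) == 0xF; }
static bool is_loopback(uint32_t a)  { return (a >> 24) == 127; }
/* Limited (all-ones) broadcast or the directed broadcast of our own subnet. */
static bool is_broadcast(uint32_t a, const struct host_cfg *c) {
    return a == 0xFFFFFFFFu || a == ((c->addr & c->mask) | ~c->mask);
}
/* RFC 1122 3.2.2: a source address that "does not define a single host". */
static bool src_is_single_host(uint32_t s, const struct host_cfg *c) {
    return s != 0 && !is_loopback(s) && !is_broadcast(s, c) && !is_multicast(s) && !is_class_e(s);
}
static bool icmp_is_error(uint8_t t) {
    return t == ICMP_UNREACH || t == ICMP_SQUENCH || t == ICMP_REDIRECT ||
           t == ICMP_TIMXCEED || t == ICMP_PARAMPROB;
}
/* Header length in bytes, or 0 for anything that is not a plausible IPv4 header. */
static size_t ip_hdr_len(const struct rx_info *rx) {
    if (rx->len < IP_MIN_HDR || (rx->pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(rx->pkt[0] & 0x0F) * 4;
    return (ihl >= IP_MIN_HDR && ihl <= rx->len) ? ihl : 0;
}

/* RFC 1122 3.2.2: may this datagram cause us to send an ICMP error message? */
bool icmp_error_permitted(const struct rx_info *rx, const struct host_cfg *c) {
    size_t ihl = ip_hdr_len(rx);
    if (ihl == 0) return false;
    const uint8_t *ip = rx->pkt;
    if (rx->link_bcast) return false;                                          /* link-layer broadcast */
    if (is_broadcast(be32(ip + 16), c) || is_multicast(be32(ip + 16))) return false; /* IP bcast/mcast */
    if ((be16(ip + 6) & 0x1FFF) != 0) return false;                            /* non-initial fragment */
    if (!src_is_single_host(be32(ip + 12), c)) return false;
    if (ip[9] == PROTO_ICMP && rx->len > ihl && icmp_is_error(ip[ihl])) return false; /* error on error */
    return true;
}

/* RFC 1122 3.2.2.6: should the echo server answer this Echo Request?
 * forward_directed_bcast is deliberately not consulted: it governs forwarding. */
bool echo_reply_permitted(const struct rx_info *rx, const struct host_cfg *c) {
    size_t ihl = ip_hdr_len(rx);
    if (ihl == 0 || rx->pkt[9] != PROTO_ICMP || rx->len < ihl + 8) return false;
    if (rx->pkt[ihl] != ICMP_ECHO) return false;
    uint32_t dst = be32(rx->pkt + 16);
    bool to_group = rx->link_bcast || is_broadcast(dst, c) || is_multicast(dst);
    return !to_group || c->answer_bcast_echo;   /* "MAY be silently discarded" */
}

/* Constructed datagram: IPv4 + 8 bytes of ICMP/UDP header. Checksums are left zero. */
static void build_pkt(uint8_t *b, uint32_t src, uint32_t dst, uint8_t proto, uint8_t first, uint16_t frag) {
    memset(b, 0, PKT_LEN);
    b[0] = 0x45; b[3] = PKT_LEN; b[6] = (uint8_t)((frag >> 8) & 0x1F); b[7] = (uint8_t)frag;
    b[8] = 64; b[9] = proto; put32(b + 12, src); put32(b + 16, dst); b[IP_MIN_HDR] = first;
}

static const struct host_cfg HOST = { 0x0A000005u, 0xFFFFFF00u, false, false }; /* 10.0.0.5/24, assumed */

/* Scenario helpers so each decision can be exercised with one call (source 10.0.0.7 for echoes). */
bool scenario_echo(uint32_t dst, bool link_bcast, bool answer_bcast_echo) {
    uint8_t b[PKT_LEN]; struct host_cfg c = HOST; c.answer_bcast_echo = answer_bcast_echo;
    build_pkt(b, 0x0A000007u, dst, PROTO_ICMP, ICMP_ECHO, 0);
    struct rx_info rx = { b, PKT_LEN, link_bcast };
    return echo_reply_permitted(&rx, &c);
}
bool scenario_error(uint32_t src, uint32_t dst, uint8_t proto, uint8_t first, uint16_t frag, bool link_bcast) {
    uint8_t b[PKT_LEN]; build_pkt(b, src, dst, proto, first, frag);
    struct rx_info rx = { b, PKT_LEN, link_bcast };
    return icmp_error_permitted(&rx, &HOST);
}

int main(void) {
    printf("echo to 10.0.0.5            : %d\n", scenario_echo(0x0A000005u, false, false));
    printf("echo to 10.0.0.255 (default): %d\n", scenario_echo(0x0A0000FFu, true, false));
    printf("echo to 10.0.0.255 (enabled): %d\n", scenario_echo(0x0A0000FFu, true, true));
    printf("error for UDP from 0.0.0.0  : %d\n", scenario_error(0, 0x0A000005u, PROTO_UDP, 0, 0, false));
    return 0;
}
```

With the defaults above a unicast Echo Request is answered, an Echo Request to 10.0.0.255 or to a multicast group is dropped, and flipping only `forward_directed_bcast` changes nothing about the echo server; the error-suppression list is applied independently, so an Echo Request that itself came from 0.0.0.0 or a broadcast address is also never answered with an ICMP error.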