Re: [gentoo-user] Machine doesn't respond to broadcast ping.

[Stroller <stroller@stellar.eclipse.co.uk>]

On 25 Jun 2009, at 08:10, Adam Carter wrote:

>>> I've got one machine here on the LAN which isn't responding to  
>>> broadcast
>>> ping. Any idea why not?
>>
>> You need to set icmp_echo_ignore_broadcasts to 0.  Default is
>> 1, mainly for dos prevention:
>>
>> # sysctl net.ipv4.icmp_echo_ignore_broadcasts=0
>
> I thought it would default to off in most OSes these days, because of;
> http://en.wikipedia.org/wiki/Smurf_attack
>
> Are those other machines patched up?

They're all on the LAN, anyway, but:

192.168.1.71 - the machine from which the ping was sent (don't know if  
that makes a difference). Mac OS X 10.5, fairly recent updates, but  
perhaps not this month's.
192.168.1.43 - Gentoo 1.4 profile, 2.4 kernel, not updated in at least  
3 years, well due for retirement, just as soon as I've moved services  
to 192.168.1.100
192.168.1.22 - network KVM [1], probably can't get a firmware update,  
unfortunately. :( Not a very recent one, anyway. Although they may  
still sell it, I'm pretty sure it's rebadged OEM & development on the  
product is ceased.
192.168.1.9 - LaserJet 4000, JetDirect card.

Interestingly the router is a model at least 5 years old - a Draytek  
Vigor, older than the 192.168.1.43 build - and it isn't replying.

I now realise that 3 other Linux boxes are missing from the list. I'm  
sure I'm not the only person on the list to occasionally lose count.

Anyway, for each device it's either a case of:
- yes, it's regularly updated;
- sorry, there's not much to be done about it; or
- yes, I know it needs updating!

It shouldn't matter, anyway, if they're all behind a NAT router,  
should it? I'm inclined to disable this ignore, because I do find  
broadcast ping very occasionally useful.

Stroller.



[1] http://www.austin-hughes.co.uk/products.cfm?Product=28