> > > # ping -c 3 64.4.197.127
> > > PING 64.4.197.127 (64.4.197.127): 56 data bytes
> > > 64 bytes from 64.4.197.65: icmp_seq=0 ttl=255 time=0.3 ms
> > > 64 bytes from 64.4.197.69: icmp_seq=0 ttl=255 time=0.7 ms (DUP!)
> > > 64 bytes from 64.4.197.68: icmp_seq=0 ttl=128 time=0.9 ms (DUP!)
> > > 64 bytes from 64.4.197.65: icmp_seq=1 ttl=255 time=0.3 ms
> > > 64 bytes from 64.4.197.69: icmp_seq=1 ttl=255 time=0.7 ms (DUP!)
> > > 64 bytes from 64.4.197.68: icmp_seq=1 ttl=128 time=0.9 ms (DUP!)
> > > 64 bytes from 64.4.197.65: icmp_seq=2 ttl=255 time=0.3 ms
> > >
> > > --- 64.4.197.127 ping statistics ---
> > > 3 packets transmitted, 3 packets received, 4 duplicates, 0% packet loss
> > > round-trip min/avg/max = 0.3/0.5/0.9 ms
> >
> > This is as expected, and even makes sense.
>
> What, pray tell, are those DUP! lines?

You sent a ping (actually, an icmp echo request) to the broadcast
address of your network.  In theory, all live boxes on your network
should receive this request, and send a reply.  Ping is only expecting
one reply per request, so it flags the extras as duplicates (DUP!) to
make sure you notice them.

Now, imagine an internet that's a bit less "kind and gentle" than the
old arpa-net.  On a medium-sized network, you can create hundreds or
even thousands of response packets from a single request (known as
amplification), and have lots more fun if you spoof your IP (i.e. instant
creation of DoS zombie systems just by knowing their subnet info...no
malware install required).  Hence the existence of:
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Try "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts" on one (or
more) of your Linux-based DMZ systems, and repeat the above test.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
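
The check suggested above, as an added example that is not part of the original message: it tallies which hosts answered the broadcast ping and tests the local sysctl. The function names and the proc-root argument are assumptions made for this example; the sample input is the reply lines quoted in this thread.

```shell
#!/bin/sh
# Constructed sample: the reply lines from the broadcast ping quoted in this thread.
sample_ping_output() {
    cat <<'EOF'
64 bytes from 64.4.197.65: icmp_seq=0 ttl=255 time=0.3 ms
64 bytes from 64.4.197.69: icmp_seq=0 ttl=255 time=0.7 ms (DUP!)
64 bytes from 64.4.197.68: icmp_seq=0 ttl=128 time=0.9 ms (DUP!)
64 bytes from 64.4.197.65: icmp_seq=1 ttl=255 time=0.3 ms
64 bytes from 64.4.197.69: icmp_seq=1 ttl=255 time=0.7 ms (DUP!)
64 bytes from 64.4.197.68: icmp_seq=1 ttl=128 time=0.9 ms (DUP!)
64 bytes from 64.4.197.65: icmp_seq=2 ttl=255 time=0.3 ms
EOF
}

# Read ping output on stdin; print "address reply-count" for every host that
# answered, i.e. every host that still replies to broadcast echo requests.
broadcast_responders() {
    awk '$2 == "bytes" && $3 == "from" { sub(/:$/, "", $4); n[$4]++ }
         END { for (ip in n) print ip, n[ip] }' | sort
}

# Succeed only if the host ignores broadcast echo requests.
# $1 is a hypothetical proc-root argument (default /proc) so the check can be
# pointed at a test tree.
ignores_broadcast_echo() {
    f="${1:-/proc}/sys/net/ipv4/icmp_echo_ignore_broadcasts"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

echo "Hosts answering the broadcast ping:"
sample_ping_output | broadcast_responders
if ignores_broadcast_echo; then
    echo "This host: icmp_echo_ignore_broadcasts=1 (broadcast pings ignored)"
else
    echo "This host: still answers broadcast pings, or the sysctl is absent"
fi
```

After setting the sysctl on a host and repeating the ping, pipe the new output through broadcast_responders; that host's address should no longer be listed.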



