What is ICMP broadcast good for?

To configure Linux to ignore ICMP broadcasts (to protect from SMURF attacks), I have added the following line to /etc/sysctl.conf:

net.ipv4.icmp_echo_ignore_broadcasts = 1

Does anyone know what the drawbacks of ignoring ICMP broadcasts are? In other words, what is ICMP broadcasting good for?


Solution 1:

The sysctl option you referenced, net.ipv4.icmp_echo_ignore_broadcasts, only deals with IPv4 ICMP echo broadcasts. ICMP echo messages are the messages used by the "ping" command-line tool. By ignoring broadcast ICMP echo requests, your machine won't respond when someone tries to ping a broadcast address (such as 255.255.255.255, or, say, 192.168.1.255 on a 192.168.1.0/24 subnet) to find all the hosts on the network or subnet at the same time.

This particular sysctl option shouldn't have any effect on being able to respond to unicast pings sent directly to the unicast IP address of your machine. Also, this option is only for ICMP echo broadcasts, so it shouldn't have any effect on all the other uses of ICMP besides echoes.
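
An added example, not part of the original question or answer: a small audit that compares the value set for net.ipv4.icmp_echo_ignore_broadcasts in one sysctl-style config file with the value the running kernel reports, since a line added to /etc/sysctl.conf only takes effect once it is loaded (for instance with `sysctl -p` or at boot). The function names, status strings and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit icmp_echo_ignore_broadcasts (config file vs. running kernel).
KEY="net.ipv4.icmp_echo_ignore_broadcasts"

# Print the last value assigned to KEY in a sysctl-style file.
# Later assignments override earlier ones; '#' and ';' start comment lines.
configured_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            split($0, kv, "=")
            name = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            gsub("/", ".", name)          # sysctl also accepts net/ipv4/...
            if (name == key) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Print the value the kernel is using. The optional argument replaces the
# procfs path so the function can be exercised against a sample file.
runtime_value() {
    f="${1:-/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts}"
    if [ -r "$f" ]; then cat "$f"; fi
}

# Classify the host: ok, runtime-only, not-applied or disabled.
audit() {
    conf=$(configured_value "$1")
    live=$(runtime_value "$2")
    if [ "$conf" = "1" ] && [ "$live" = "1" ]; then echo "ok"
    elif [ "$live" = "1" ]; then echo "runtime-only"   # lost if a later boot loads 0
    elif [ "$conf" = "1" ]; then echo "not-applied"    # file edited, never loaded
    else echo "disabled"
    fi
}

# Constructed sample input: a config file and a stand-in for the procfs entry.
tmp=$(mktemp -d)
printf '%s\n' '# hardening' 'net.ipv4.icmp_echo_ignore_broadcasts = 0' \
    'net.ipv4.icmp_echo_ignore_broadcasts = 1' > "$tmp/sysctl.conf"
echo 0 > "$tmp/proc_value"
audit "$tmp/sysctl.conf" "$tmp/proc_value"   # not-applied
rm -rf "$tmp"
```

On a real host, call `audit /etc/sysctl.conf` with no second argument to read the live value from procfs; files under /etc/sysctl.d can also set the same key and are not read by this sketch.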