When sending an ICMPv4 echo request to a destination address like 224.0.0.1
, it is ignored by Linux hosts receiving the request. The destination MAC address used is 01:00:5e:00:00:01
.
The only way to have those Linux hosts answering is to set the Kernel parameter net.ipv4.icmp_echo_ignore_broadcasts
to the value 0
. Which will instruct the kernel to answer to both multicast and broadcast ICMPv4 requests and open the door to broadcast security threats.
Why is multicast traffic filtered by this parameter ? is there any attack justifying it ?
With ICMPv6 and equivalent destination address like ff02::1
, the traffic is not filtered by Linux hosts. Is there a risk that it will be filtered too in the future ? Is there a threat with ICMPv4 that doesn't exist with ICMPv6 ?
Linux hosts:
- Linux distribution: Ubuntu 20.04.1 LTS Focal
- Linux kernel: 5.4.0