Re: [nsp] Directed broadcasts

From: Todd Nagengast (tsgd@alaska.net)
Date: Sat Jul 04 1998 - 05:18:19 EDT


On Sat, 4 Jul 1998, Rick Burts wrote:

> the no ip directed-broadcast command configures the router to not pass
> directed (subnet) broadcasts. If you do this on the routers where
> traffic enters your network, broadcast pings will not get to your
> main router.

This is a bit misleading. The "ip directed-broadcast" feature of a
Cisco router is what takes a layer three broadcast and translates
it into a layer two broadcast. When you do a "no ip directed-broadcast"
you turn off this translation for that *one* interface only. Doing
this on only a network ingress point will not prevent other broadcast
addresses within your network from being attacked.

To prevent your network from being used as a smurf amp, you need to
use "no ip directed-broadcast" on pretty much every interface.

Todd

> There is not a way to configure the router not to answer if the ping
> packet gets to the router.
> Rick
>
> On Sat, 27 Jun 1998, RTS wrote:
>
> > Hash: SHA1
> >
> > I want to stop people from being able to ping my broadcast addresses on our
> > main router.
> >
> > I believe it has something to do with the no ip directed broadcast (or
> > something similar command)
> >
> > Any help is always welcome and thankful.
> >
> > Randy
> >
> > RTS
> > rts@rdr.net
>
> Rick Burts burts@ccci.com
> Chesapeake Computer Consultants 410-280-8840 ex 3015
> 275 West Street 410-280-8859 fax
> Plaza 70
> Annapolis, Md 21401
>
> Chesapeake is a certified Cisco Training Partner.
> We offer most of the Cisco training courses.
> We also offer training in Checkpoint Firewall software and
> Fore Systems.
> We also provide network consulting services including
> design, management, and problem solving.
> We have 9 CCIEs on our staff.
>

---
Todd Nagengast /_\\//_\ Network Hero v. 907.562.4638
tsgd@alaska.net \ //\\ / Internet Alaska, Inc. f. 907.562.1677
"FreeBSD. It kicks the [*] out of what Linus can write."-Shmoo
1024/DB3041FD BE 60 73 FE 61 C5 A4 F3 C8 13 3C 93 C8 63 1F 5C
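
An added example, not part of the original message or of any Cisco tooling: a small audit that walks a saved router configuration and lists every IP-enabled interface that lacks "no ip directed-broadcast", which is the per-interface check the reply above calls for. It assumes an IOS release where directed broadcasts are on unless disabled (later releases turn them off by default and omit the line, so this check would over-report there); the sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread). Assumption: on this
# IOS release an interface forwards directed broadcasts unless it carries
# "no ip directed-broadcast".
SAMPLE_CONFIG = """\
hostname border1
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 no ip directed-broadcast
!
interface Ethernet0
 ip address 198.51.100.1 255.255.255.0
!
interface Ethernet1
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast
!
interface Ethernet2
 no ip address
 shutdown
!
"""

def audit_directed_broadcast(config_text):
    """Return the IP-enabled interfaces that would still translate a
    layer-3 directed broadcast into a layer-2 broadcast."""
    findings, name, lines = [], None, []

    def flush():
        # Judge the interface block collected so far, if there is one.
        if name is None:
            return
        has_ip = any(re.match(r"ip address \S+ \S+", l) for l in lines)
        if has_ip and "no ip directed-broadcast" not in lines:
            findings.append(name)

    for raw in config_text.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:                                   # a new interface block starts
            flush()
            name, lines = m.group(1), []
        elif raw.startswith(" ") and name is not None:
            lines.append(raw.strip())           # sub-command of the block
        else:                                   # "!" or a top-level command
            flush()
            name, lines = None, []
    flush()
    return findings
```

On the sample, Serial0 passes, while Ethernet0 (no statement at all) and Ethernet1 (explicitly enabled) are both reported, showing why disabling the feature on the ingress link alone leaves the inner subnets exposed.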





