Re: [nsp] Directed broadcasts

• Next message: Dan Boehlke: "Re: [nsp] Directed broadcasts"
• Previous message: Mark Milhollan: "[nsp] Enumerating the router's addresses"
• In reply to: Rick Burts: "Re: [nsp] Directed broadcasts"
• Next in thread: Dan Boehlke: "Re: [nsp] Directed broadcasts"
• Reply: Dan Boehlke: "Re: [nsp] Directed broadcasts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Sat, Jul 04, 1998 at 03:29:05AM -0400, Rick Burts wrote:
==>the no ip directed-broadcast command configures the router to not pass
==>directed (subnet) broadcasts. If you do this on the routers where
==>traffic enters your network, broadcast pings will not get to your
==>main router.
==>There is not a way to configure the router not to answer if the ping
==>packet gets to the router.

"no ip directed-broadcast" is per-LAN-interface. Placing it only on border
routers does not help. It must be placed on every LAN interface on every
router.

Beginning in 12.0, "no ip directed-broadcast" is the default behavior.

For information on the smurf attack, see
http://www.quadrunner.com/~chuegen/smurf/

I'll be adding a section relatively soon on using Committed Access Rate
(CAR) to limit ICMP echo/echo-replies to a certain amount.

/cah

• Next message: Dan Boehlke: "Re: [nsp] Directed broadcasts"
• Previous message: Mark Milhollan: "[nsp] Enumerating the router's addresses"
• In reply to: Rick Burts: "Re: [nsp] Directed broadcasts"
• Next in thread: Dan Boehlke: "Re: [nsp] Directed broadcasts"
• Reply: Dan Boehlke: "Re: [nsp] Directed broadcasts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:13 EDT