[c-nsp] security

Michael Simpson mikie.simpson at gmail.com
Tue Dec 2 09:40:50 EST 2008


On 12/2/08, Adam Greene <maillist at webjogger.net> wrote:
> How does one get around the side-effect of not allowing broadcasts; i.e.
> wouldn't this break ARP functionality?
>
Not within the subnet.
Using Ethernet, ARP is only on the local segment and won't traverse the router.
no ip directed broadcast stops broadcasts from a different subnet.

snipped from <http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1081245>

An IP directed broadcast is an IP packet whose destination address is
a valid broadcast address for some IP subnet, but which originates
from a node that is not itself part of that destination subnet.

A router that is not directly connected to its destination subnet
forwards an IP directed broadcast in the same way it would forward
unicast IP packets destined to a host on that subnet. When a directed
broadcast packet reaches a router that is directly connected to its
destination subnet, that packet is "exploded" as a broadcast on the
destination subnet. The destination address in the IP header of the
packet is rewritten to the configured IP broadcast address for the
subnet, and the packet is sent as a link-layer broadcast.

mike
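An added illustration of the forwarding decision the thread describes (not code from the post or from Cisco): a small model of a router's connected interfaces that shows ARP never reaching the IP forwarding path at all, a broadcast from inside the subnet being handled normally, and a directed broadcast from outside the subnet being exploded only when the interface has ip directed-broadcast enabled. The interface names, subnets and addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806


@dataclass
class Interface:
    """A connected subnet and that interface's directed-broadcast setting."""
    name: str
    network: ipaddress.IPv4Network
    # Sample model only: modern IOS defaults to 'no ip directed-broadcast',
    # so False is the default here as well.
    directed_broadcast: bool = False


def forward(router, ethertype, src=None, dst=None):
    """Classify what a router does with a frame arriving for a connected subnet.

    Returns one of: 'arp-local', 'unicast', 'local-broadcast',
    'directed-broadcast', 'dropped', 'not-connected'.
    """
    if ethertype == ETHERTYPE_ARP:
        # ARP has no IP header; it is a link-layer protocol confined to the
        # segment it was sent on. No IP-level setting affects it.
        return "arp-local"
    if ethertype != ETHERTYPE_IP:
        return "not-ip"
    s = ipaddress.IPv4Address(src)
    d = ipaddress.IPv4Address(dst)
    for intf in router:
        if d not in intf.network:
            continue
        if d == intf.network.broadcast_address:
            if s in intf.network:
                # Broadcast sourced on the same wire: ordinary local traffic.
                return "local-broadcast"
            # Cisco's definition: broadcast address of a subnet the sender is
            # not part of. Exploded onto the wire only if explicitly enabled.
            return "directed-broadcast" if intf.directed_broadcast else "dropped"
        return "unicast"
    # No connected subnet matches; routed onward like any unicast packet.
    return "not-connected"


# Constructed sample router: one interface left at the default, one enabled.
SAMPLE_ROUTER = [
    Interface("Gi0/0", ipaddress.IPv4Network("192.0.2.0/24")),
    Interface("Gi0/1", ipaddress.IPv4Network("198.51.100.0/24"), directed_broadcast=True),
]
```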

