On Sat, Jul 04, 1998 at 03:29:05AM -0400, Rick Burts wrote:
==>the no ip directed-broadcast command configures the router to not pass
==>directed (subnet) broadcasts. If you do this on the routers where
==>traffic enters your network, broadcast pings will not get to your
==>main router.
==>There is not a way to configure the router not to answer if the ping
==>packet gets to the router.

"no ip directed-broadcast" is per-LAN-interface. Placing it only on border
routers does not help. It must be placed on every LAN interface on every
router.

Beginning in 12.0, "no ip directed-broadcast" is the default behavior.

For information on the smurf attack, see
http://www.quadrunner.com/~chuegen/smurf/

I'll be adding a section relatively soon on using Committed Access Rate
(CAR) to limit ICMP echo/echo-replies to a certain amount.
/cah
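
An added example, not part of the original message: a small audit that reads an IOS configuration and lists every addressed interface that would still forward directed broadcasts, applying the default that changed in 12.0. The sample configuration, interface names and function names are constructed for illustration, and treating every interface with an IP address as in scope is an assumption.

```python
import re

# Constructed sample config (not from the original message).
SAMPLE_CONFIG = """\
version 11.2
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip directed-broadcast
!
"""

def default_enabled(config):
    # Before 12.0 forwarding is on unless disabled; unknown version: assume on.
    m = re.search(r"^version (\d+)\.(\d+)", config, re.M)
    return m is None or int(m.group(1)) < 12

def interfaces(config):
    """Map each interface name to its list of sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Names of addressed interfaces that still forward directed broadcasts."""
    default_on = default_enabled(config)
    findings = []
    for name, cmds in interfaces(config).items():
        explicit_on = any(c.startswith("ip directed-broadcast") for c in cmds)
        explicit_off = "no ip directed-broadcast" in cmds
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if has_ip and (explicit_on or (default_on and not explicit_off)):
            findings.append(name)
    return findings
```

Run over each router's saved configuration, an empty result from `audit()` means no interface on that router is left forwarding directed broadcasts.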