Re: [nsp] Directed broadcasts

From: Jared Mauch (jared@puck.nether.net)
Date: Sun Jul 05 1998 - 23:13:42 EDT


Subject: BOUNCE cisco-nsp@qual.net: Non-member submission from [Sukheui Lee <shlee@nms.kren.ne.kr>]

Received: from nms.kren.ne.kr (nms.kren.ne.kr [147.47.1.8]) by nic.iagnet.net (8.8.8/IAG/CICNet) with ESMTP id XAA27277 for <cisco-nsp@qual.net>; Sun, 5 Jul 1998 23:09:35 -0400 (EDT)
Received: (from shlee@localhost)
        by nms.kren.ne.kr (8.8.8H1/8.8.8) id MAA10254
        for cisco-nsp@qual.net; Mon, 6 Jul 1998 12:06:11 +0900 (KST)
Date: Mon, 6 Jul 1998 12:06:11 +0900 (KST)
From: Sukheui Lee <shlee@nms.kren.ne.kr>
Message-Id: <199807060306.MAA10254@nms.kren.ne.kr>
To: cisco-nsp@qual.net
Subject: Re: [nsp] Directed broadcasts
X-Sun-Charset: US-ASCII

We have a B class address(x.x.0.0) and all of them are used by subnetting like C class(x.x.x.0 255.255.255.0)
To addition to that, in the our LAN, most of all network devices are switches.
And the switches are difficult to protect the directed-broadcast by config.

Now we only set the configuration(no ip direc...) on FastEther interface in the board router and the interface's ip is x.x.x.y 255.255.255.0.
In this situation, if someone try broadcast pinging (x.x.255.255) to our sites, is the command(what i set at the board router) useful yet to protect the directed-broadcast?
As i knew, it's not useful. It is only useful for that interface's(x.x.x.0 255.255.255.0). we are in the bad situation.
No simple solution ?? if you know any helpful answer, plz let me know.

I expect your kind helps.
Thanks in advace.

Lee Sookheui.

> From: Rick Burts <burts@ccci.com>
> X-Sender: burts@fridge
> To: cisco-nsp@qual.net
> Subject: Re: [nsp] Directed broadcasts
> MIME-Version: 1.0
>
> the no ip directed-broadcast command configures the router to not pass
> directed (subnet) broadcasts. If you do this on the routers where
> traffic enters your network, broadcast pings will not get to your
> main router.
> There is not a way to configure the router not to answer if the ping
> packet gets to the router.
>
> Rick
>
> On Sat, 27 Jun 1998, RTS wrote:
>
> > Hash: SHA1
> >
> > I want to stop people from being able to ping my broadcast address's on our
> > main router.
> >
> > I believe it has something to do with the no ip directed broadcast (or
> > something similar command)
> >
> > Any help is always welcome and thankful.
> >
> > Randy
> >
> > RTS
> > rts@rdr.net
>
> Rick Burts burts@ccci.com
> Chesapeake Computer Consultants 410-280-8840 ex 3015
> 275 West Street 410-280-8859 fax
> Plaza 70
> Annapolis, Md 21401
>
> Chesapeake is a certified Cisco Training Partner.
> We offer most of the Cisco training courses.
> We also offer training in Checkpoint Firewall software and
> Fore Systems.
> We also provide network consulting services including
> design, management, and problem solving.
> We have 9 CCIEs on our staff.
>






This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:13 EDT