[11490] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Wed Jul 30 18:05:39 1997
Date: Wed, 30 Jul 1997 14:52:14 -0700 (PDT)
From: "Craig A. Huegen" <c-huegen@quadrunner.com>
To: "Jeffrey S. Curtis" <curtis@anl.gov>
cc: amb@xara.net, cisco-nsp@cic.net, nanog@merit.edu
In-Reply-To: <199707301942.OAA10452@achilles.ctd.anl.gov>
On Wed, 30 Jul 1997, Jeffrey S. Curtis wrote:
==>(And to answer the proverbial "how do I configure my router for that"
==>in advance, the answer is that, at least on my boxes, the not-allowing-
==>broadcast-pings-through-as-broadcasts-onto-the-target-media thing is on
==>by default. Source address filtering, however, is not.)
For Ciscos, "no ip directed-broadcast" on your interfaces will
prevent remote devices from sending directed broadcasts. No guarantees
about applications it might break, though.
/cah
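The following is an added example, not part of the original message: a small audit that reads an IOS-style configuration and lists the active IP interfaces that lack the "no ip directed-broadcast" setting mentioned above. The sample configuration is constructed, the function names are hypothetical, and `default_enabled` is an assumption about what the router does when neither form of the command is present, which depends on the software release.

```python
# Constructed sample config for illustration; not from the original message.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip directed-broadcast
!
interface Serial1
 no ip address
 shutdown
!
"""

def parse_interfaces(config):
    """Map each interface name to its stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any top-level line ends the block
    return interfaces

def audit_directed_broadcast(config, default_enabled=True):
    """List active IP interfaces that would forward directed broadcasts."""
    exposed = []
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or not any(c.startswith("ip address ") for c in cmds):
            continue
        enabled = default_enabled  # assumption: behaviour when the command is absent
        for c in cmds:
            if c == "no ip directed-broadcast":
                enabled = False
            elif c.startswith("ip directed-broadcast"):
                enabled = True
        if enabled:
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    print(audit_directed_broadcast(SAMPLE_CONFIG))
```

Run it against saved configurations from your own routers and set `default_enabled` to match the release in use before trusting an empty result.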