[11504] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Edward Henigin)
Wed Jul 30 22:37:36 1997
Date: Wed, 30 Jul 1997 21:16:25 -0500
From: Edward Henigin <ed@texas.net>
To: cisco-nsp@cic.net
Cc: nanog@merit.edu
In-Reply-To: <Pine.QUAD.3.96.970730145114.22799A-100000@quad.quadrunner.com>; from Craig A. Huegen on Wed, Jul 30, 1997 at 02:52:14PM -0700
This does work as you'd expect (it prevents the Cisco from framing an IP broadcast packet into an Ethernet broadcast frame), BUT unfortunately it can break Windows networking, as well as BOOTP/DHCP, depending on how you're set up.

But if you're not using one of the above (routed), then by all means, 'no ip directed-broadcast' is an excellent way to go.
--
On Wed, Jul 30, 1997 at 02:52:14PM -0700, Craig A. Huegen said:
> On Wed, 30 Jul 1997, Jeffrey S. Curtis wrote:
>
> ==>(And to answer the proverbial "how do I configure my router for that"
> ==>in advance, the answer is that, at least on my boxes, the not-allowing-
> ==>broadcast-pings-through-as-broadcasts-onto-the-target-media thing is on
> ==>by default. Source address filtering, however, is not.)
>
> For Ciscos, "no ip directed-broadcast" on your interfaces will
> prevent remote devices from sending directed broadcasts. No guarantees
> about applications it might break, though.
>
> /cah
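As an added illustration of the two points in this exchange (what `no ip directed-broadcast` stops, and why it can break BOOTP/DHCP relay), here is a small Python model of the router's forwarding decision; this is example code written for this page, not anything from the thread or from Cisco, and the config it parses is constructed. It assumes the IOS default of the period (directed broadcasts enabled) and the documented rule that an `ip helper-address` pointing at a subnet broadcast needs directed broadcasts enabled on the egress interface.

```python
import ipaddress

def parse_ios(config):
    """Parse 'ip address', 'ip helper-address' and 'no ip directed-broadcast' (on by default in IOS then)."""
    ifaces, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words and words[0] == "interface":
            cur = ifaces[words[1]] = {"net": None, "directed": True, "helpers": []}
        elif words[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["ip", "helper-address"]:
            cur["helpers"].append(ipaddress.IPv4Address(words[2]))
        elif words == ["no", "ip", "directed-broadcast"]:
            cur["directed"] = False
    return ifaces

def forward(ifaces, in_if, dst):
    """What the router does with a packet to dst that arrived on interface in_if."""
    d = ipaddress.IPv4Address(dst)
    if d == ipaddress.IPv4Address("255.255.255.255"):
        return "drop: limited broadcast (what a DHCP client sends) is never routed"
    for name, i in ifaces.items():
        if d == i["net"].broadcast_address:
            if name == in_if:
                return "local: broadcast on its own segment, nothing to forward"
            if i["directed"]:
                return f"amplify: framed as an Ethernet broadcast out {name}"
            return f"drop: no ip directed-broadcast on {name}"
        if d in i["net"]:
            return f"unicast: forwarded out {name}"
    return "route: not a connected subnet"

def broken_helpers(ifaces):
    """BOOTP/DHCP relay targets that are a subnet broadcast the router is now told not to emit."""
    bcast = {i["net"].broadcast_address: i for i in ifaces.values()}
    return [(name, str(h)) for name, i in ifaces.items() for h in i["helpers"]
            if h in bcast and not bcast[h]["directed"]]

CONFIG = """interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
interface Ethernet1
 ip address 203.0.113.1 255.255.255.0
 ip helper-address 192.0.2.255
"""  # constructed config on documentation prefixes; Ethernet1 keeps the old default
if __name__ == "__main__":
    r = parse_ios(CONFIG)
    print(forward(r, "Ethernet1", "192.0.2.255"))    # drop: no ip directed-broadcast on Ethernet0
    print(forward(r, "Ethernet0", "203.0.113.255"))  # amplify: framed as an Ethernet broadcast out Ethernet1
    print(broken_helpers(r))                         # [('Ethernet1', '192.0.2.255')]
```

The last line is the breakage the post warns about: the relay target on Ethernet1 is Ethernet0's broadcast address, which the router will no longer emit once Ethernet0 has `no ip directed-broadcast`.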