[11505] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Jeremy Porter)
Wed Jul 30 23:47:23 1997
To: Edward Henigin <ed@texas.net>
cc: cisco-nsp@cic.net, nanog@merit.edu
In-reply-to: Your message of "Wed, 30 Jul 1997 21:16:25 CDT."
<19970730211625.11611@texas.net>
Date: Wed, 30 Jul 1997 22:29:21 -0500
From: Jeremy Porter <jerry@fc.net>
Maybe I'm not completely understanding this, but
from my own testing, it seems to me that, when I do this without
regard to ip directed broadcast, I get one response back from the closest
interface, but perhaps they are using source routing or something
to cause this?
In message <19970730211625.11611@texas.net>, Edward Henigin writes:
>
> this does work as you'd expect (it prevents the cisco
>from framing an IP broadcast packet into an ethernet broadcast
>frame) BUT unfortunately it can break Windows networking, as well
>as BOOTP/DHCP, depending on how you're set up.
>
> but if you're not using one of the above (routed), then
>by all means, 'no ip directed-broadcast' is an excellent way to go..
>
>--
>On Wed, Jul 30, 1997 at 02:52:14PM -0700, Craig A. Huegen said:
>> On Wed, 30 Jul 1997, Jeffrey S. Curtis wrote:
>>
>> ==>(And to answer the proverbial "how do I configure my router for that"
>> ==>in advance, the answer is that, at least on my boxes, the not-allowing-
>> ==>broadcast-pings-through-as-broadcasts-onto-the-target-media thing is on
>> ==>by default. Source address filtering, however, is not.)
>>
>> For Ciscos, "no ip directed-broadcast" on your interfaces will
>> prevent remote devices from sending directed broadcasts. No guarantees
>> about applications it might break, though.
>>
>> /cah
>
---
Jeremy Porter, Freeside Communications, Inc. jerry@fc.net
PO BOX 80315 Austin, Tx 78708 | 1-800-968-8750 | 512-458-9810
http://www.fc.net
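As an added example (not part of the thread, not Cisco's code), a small Python model of the per-interface decision the thread is about: a packet addressed to a subnet's broadcast address is either framed as an Ethernet broadcast, so every host on that segment answers, or dropped under `no ip directed-broadcast`; the same model includes the source-address filter Craig notes is not on by default. Interface names, subnets and addresses are constructed; `demo()` contrasts the weak and the hardened settings.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass
class Interface:
    name: str
    network: IPv4Network
    directed_broadcast: bool = True  # what 'no ip directed-broadcast' turns off
    # Ingress source filter (assumed model): prefixes a source may come from;
    # empty means no filtering, which the thread says is the default.
    allowed_sources: tuple = field(default_factory=tuple)


def egress_for(dst, interfaces):
    """Connected-route lookup: interface whose subnet contains dst (longest prefix)."""
    matches = [i for i in interfaces if dst in i.network]
    return max(matches, key=lambda i: i.network.prefixlen, default=None)


def forwarding_decision(src, dst, ingress, interfaces):
    """Return what the router does with a packet src->dst arriving on `ingress`."""
    src, dst = IPv4Address(src), IPv4Address(dst)
    if ingress.allowed_sources and not any(src in n for n in ingress.allowed_sources):
        return f"drop: source {src} not allowed on {ingress.name}"
    egress = egress_for(dst, interfaces)
    if egress is None:
        return "forward: non-connected route (not modelled here)"
    if dst == egress.network.broadcast_address:
        # Directed broadcast: becomes an L2 broadcast only if still enabled
        # on the egress interface; otherwise the router drops it.
        if egress.directed_broadcast:
            return f"L2 broadcast on {egress.name}: every host replies"
        return f"drop: no ip directed-broadcast on {egress.name}"
    return f"unicast on {egress.name}"


def demo(directed_broadcast, source_filter=False):
    """Constructed topology: upstream link Serial0 and one customer LAN on Ethernet0."""
    lan_net = IPv4Network("198.51.100.0/24")
    upstream = Interface("Serial0", IPv4Network("192.0.2.0/30"))
    lan = Interface("Ethernet0", lan_net, directed_broadcast,
                    allowed_sources=(lan_net,) if source_filter else ())
    interfaces = [upstream, lan]
    return {
        # ping from outside aimed at the LAN's broadcast address
        "inbound_broadcast": forwarding_decision("203.0.113.9", "198.51.100.255", upstream, interfaces),
        # ordinary ping from outside to one LAN host
        "inbound_unicast": forwarding_decision("203.0.113.9", "198.51.100.20", upstream, interfaces),
        # LAN host sending with a source outside its own subnet
        "lan_spoofed_source": forwarding_decision("203.0.113.9", "192.0.2.1", lan, interfaces),
    }
```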