[11533] in North American Network Operators' Group
Re: disabling directed broadcasts
daemon@ATHENA.MIT.EDU (Ran Atkinson)
Thu Jul 31 14:29:47 1997
From: rja@corp.home.net (Ran Atkinson)
Date: Thu, 31 Jul 1997 11:04:46 -0700
In-Reply-To: Edward Henigin <ed@texas.net>
"Re: [nsp] known networks for broadcast ping attacks" (Jul 30, 21:16)
To: cisco-nsp@cic.net
Cc: nanog@merit.edu
On Jul 30 21:16, Edward Henigin wrote:
} Subject: disabling forwarding of directed broadcasts
% this does work as you'd expect (it prevents the cisco
% from framing an IP broadcast packet into an ethernet broadcast
% frame) BUT unfortunately it can break Windows networking, as well
% as BOOTP/DHCP, depending on how you're set up.

BOOTP/DHCP does NOT need directed broadcast forwarding enabled
to work properly. The "helper-address" function and the DHCP RELAY
code take care of BOOTP/DHCP traffic. Implementations of BOOTP/DHCP
don't require enabling forwarding of directed broadcast packets.
I've verified this experimentally in a previous life.

I also have (past) experience with a network running MS/NetBIOS cruft
through routers with forwarding of directed broadcasts DISABLED.
It worked fine.

If there is some corner case I've missed that requires forwarding
of directed broadcast packets, it would be useful for that specific
case to be enumerated _in detail, in public_.

Ran
rja@home.net
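
Added example, not part of the original message and not Cisco code: a simplified model of the forwarding decision discussed above, showing that a DHCP/BOOTP client request (sent to 255.255.255.255, UDP port 67) goes through the relay path and never depends on the directed-broadcast setting. The interface names, subnets, helper address and the router_action function are constructed for illustration; a single flag stands in for the per-interface setting.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
BOOTP_SERVER_PORT = 67  # UDP port a DHCP/BOOTP client sends its request to

# Constructed router: interface -> (connected subnet, helper address or None)
INTERFACES = {
    "eth0": (ipaddress.ip_network("192.0.2.0/25"),
             ipaddress.ip_address("198.51.100.10")),
    "eth1": (ipaddress.ip_network("192.0.2.128/25"), None),
}


def router_action(dst, in_if, udp_dport=None, directed_broadcast=False):
    """Return what the modelled router does with a packet arriving on in_if."""
    dst = ipaddress.IPv4Address(dst)
    in_net, helper = INTERFACES[in_if]

    # The all-ones (limited) broadcast is never routed. A BOOTP/DHCP
    # request is picked up by the relay and re-sent as unicast instead.
    if dst == LIMITED_BROADCAST:
        if udp_dport == BOOTP_SERVER_PORT and helper is not None:
            return f"relay as unicast to {helper}"
        return "deliver locally, do not forward"

    # Broadcast address of the wire the packet arrived on: already local.
    if dst == in_net.broadcast_address:
        return "deliver locally, do not forward"

    # Broadcast address of another connected subnet: a directed broadcast.
    # Only this branch is affected by the directed-broadcast setting.
    for name, (net, _) in INTERFACES.items():
        if name != in_if and dst == net.broadcast_address:
            if directed_broadcast:
                return f"flood as link-layer broadcast on {name}"
            return "drop"

    return "forward as unicast"


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, router_action("255.255.255.255", "eth0", 67, flag))
        print(flag, router_action("192.0.2.255", "eth0", 7, flag))
```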