[190] in bugtraq
broadcasting
daemon@ATHENA.MIT.EDU (Aleph One)
Mon Nov 7 22:26:11 1994
From: aleph1@dfw.net (Aleph One)
To: bugtraq@fc.net
Date: Mon, 7 Nov 1994 19:45:46 -0600 (CST)
Well, on the topic of broadcast addresses, here is what my
TCP/IP books have to say. There are 3 types of broadcast addresses.

Limited Broadcast, which is 255.255.255.255. "A datagram destined is
*never* forwarded by a router under any circumstance. It only appears
on the local cable. An unanswered question is: if a host is multihomed
and a process sends a datagram to the limited broadcast address, should
the datagram be sent out each connected interface that supports broadcast?
If not, an application that wants to broadcast out all interfaces
must determine all the interfaces on the host that support broadcasting,
and send a copy out each interface. Most BSD systems treat 255.255.255.255
as an alias for the broadcast address of the first interface that was
configured, and don't provide any way to send a datagram out all
attached, broadcast-capable interfaces. Indeed, two applications that
send UDP datagrams out every interface are routed and rwhod (the server
for the BSD rwho client). Both of these applications go through a similar
start-up procedure to determine all the interfaces on the host, and which
ones are capable of broadcasting. The net-directed broadcast address
corresponding to that interface is then used as the destination address
for datagrams sent out that interface. The Host Requirements RFC takes
no stand on the issue of whether a multihomed host should send a limited
broadcast out all its interfaces."

The second type is Net-directed Broadcast. "The net-directed broadcast
address has a host ID of all one bits. A class A net-directed broadcast
address is netid.255.255.255, where netid is the class A network ID.
A router must forward a net-directed broadcast, but it must also have
an option to disable forwarding."

The next type is Subnet-directed Broadcast. "The subnet-directed broadcast
address has a host ID of all one bits but a specific subnet ID.
Classification of an IP address as a subnet-directed broadcast address
requires knowledge of the subnet mask. For example, if a router receives
a datagram destined for 128.1.2.255, this is a subnet-directed broadcast
if the class B network 128.1 has a subnet mask of 255.255.255.0, but it is
not a broadcast if the subnet mask is 255.255.254.0 (0xfffffe00)."

The last type of broadcast address is the All-subnets-directed Broadcast
address. "An all-subnets-directed broadcast address also requires
knowledge of the destination network's subnet mask, to differentiate this
broadcast address from a net-directed broadcast address. Both the subnet
ID and the host ID are all one bits. For example, if the destination's
subnet mask is 255.255.255.0, then the IP address 128.1.255.255 is an
all-subnets-directed broadcast. But if the network is not subnetted, then
this is a net-directed broadcast. Current feeling [Almquist 1993] is that
this type of broadcast is obsolete. It is better to use multicasting than
an all-subnets-directed broadcast. [Almquist 1993] notes that RFC 922
requires that an all-subnets-directed broadcast be sent to all subnets,
but no current routers do so. This is fortunate since a host that has
been misconfigured without its subnet mask sends all its "local"
broadcasts to all subnets. For example, if the host with IP address
128.1.2.3 doesn't set a subnet mask, then its broadcast address normally
defaults to 128.1.255.255. But if the subnet mask should have been set to
255.255.255.0, then broadcasts from this misconfigured host appear
directed to all subnets."

Sorry if anyone thinks this is useless, but I wanted to clear up certain
misunderstandings about the way broadcasting works. To be a bit more precise,
if you are in a net that is subnetting (especially subnetting a class C
network or subnetting a class B network in a non-standard way) and if your
routers do not pass all-subnets-directed broadcast messages, you are
rather safe unless the attacker knows your subnet mask (which shouldn't be
all that hard to guess by trial and error).

a1
http://dfw.net/~aleph1
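
Added example (not part of the original post or of the book it quotes): a classifier for the broadcast types described above, of the kind a filter rule or log review could use to decide whether a destination address is a directed broadcast. The function names are hypothetical, and it assumes classful networks (A/B/C) and a contiguous subnet mask.

```python
import ipaddress

LIMITED = ipaddress.IPv4Address("255.255.255.255")

def classful_prefix(addr):
    """Prefix length of the classful network (A=/8, B=/16, C=/24)."""
    first = int(addr) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E address has no classful network")

def classify(dest, subnet_mask):
    """Classify dest given the subnet mask used on its classful network."""
    addr = ipaddress.IPv4Address(dest)
    if addr == LIMITED:
        return "limited"
    mask = int(ipaddress.IPv4Address(subnet_mask))
    net_mask = (0xFFFFFFFF << (32 - classful_prefix(addr))) & 0xFFFFFFFF
    if mask & net_mask != net_mask or mask == 0xFFFFFFFF:
        raise ValueError("mask must cover the classful net and leave host bits")
    host_bits = ~mask & 0xFFFFFFFF           # bits of the host ID
    subnet_bits = mask & ~net_mask           # bits of the subnet ID (may be 0)
    a = int(addr)
    if a & host_bits != host_bits:
        return "not a broadcast"             # host ID is not all one bits
    if subnet_bits == 0:
        return "net-directed"                # network is not subnetted
    if a & subnet_bits == subnet_bits:
        return "all-subnets-directed"        # subnet ID is all one bits too
    return "subnet-directed"

def default_broadcast(host, subnet_mask=None):
    """Broadcast address a host derives; with no mask set it falls back to
    the classful network (the misconfiguration case in the quoted text)."""
    addr = ipaddress.IPv4Address(host)
    if subnet_mask is None:
        prefix = classful_prefix(addr)
    else:
        prefix = ipaddress.IPv4Network("0.0.0.0/" + subnet_mask).prefixlen
    net = ipaddress.IPv4Network((addr, prefix), strict=False)
    return str(net.broadcast_address)

if __name__ == "__main__":
    # Addresses and masks are the ones used in the quoted text.
    for dest, mask in [("128.1.2.255", "255.255.255.0"),
                       ("128.1.2.255", "255.255.254.0"),
                       ("128.1.255.255", "255.255.255.0"),
                       ("128.1.255.255", "255.255.0.0")]:
        print(dest, mask, "->", classify(dest, mask))
```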