North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [nsp] known networks for broadcast ping attacks

  • From: Jeremy Porter
  • Date: Wed Jul 30 23:46:16 1997

Maybe, I'm not completely understanding this, but
from my own testing, it seems to me that, when I do this without
regard to ip directed broadcast, I get one response back from the closest
interface, but perhaps they are using source routing or something
to cause this?

In message <[email protected]>, Edward Henigin writes:
>
>	this does work as you'd expect (it prevents the cisco
>from framing an IP broadcast packet into an ethernet broadcast
>frame)  BUT unfortunately it can break Windows networking, as well
>as BOOTP/DHCP, depending on how you're set up.
>
>	but if you're not using one of the above (routed), then
>by all means, 'no ip directed-broadcast' is an excellent way to go..
>
>--
>On Wed, Jul 30, 1997 at 02:52:14PM -0700, Craig A. Huegen said:
>> On Wed, 30 Jul 1997, Jeffrey S. Curtis wrote:
>> 
>> ==>(And to answer the proverbial "how do I configure my router for that"
>> ==>in advance, the answer is that, at least on my boxes, the not-allowing-
>> ==>broadcast-pings-through-as-broadcasts-onto-the-target-media thing is on
>> ==>by default.  Source address filtering, however, is not.)
>> 
>> For Ciscos, "no ip directed-broadcast" on your interfaces will
>> prevent remote devices from sending directed broadcasts.  No guarantees
>> about applications it might break, though.
>> 
>> /cah
>

---
Jeremy Porter, Freeside Communications, Inc.      [email protected]
PO BOX 80315 Austin, Tx 78708  |  1-800-968-8750  |  512-458-9810
http://www.fc.net