North American Network Operators Group

Re: SMURF amplifier block list

  • From: Dean Anderson
  • Date: Fri Apr 17 18:17:32 1998

> Does no ip directed broadcast really work?

Yes. It works.

And it works for whatever your particular netmask or broadcast address
happens to be, which is what's important.

The only time you shouldn't do it globally is when some other network
really needs to see broadcasts.  For example, if we manage a client's
network with HP OpenView over the internet, we need to be able to send them
directed broadcasts, so that OpenView host discovery will work.  Patrol
works the same way, as do other products.  In this case you can't use the
"no ip directed broadcast" switch, but you can still set up access rules
which do the same thing except for the permitted network.

Bottom line is that you should protect your network from people who would
either abuse it via smurfing, or simply have no business looking for hosts
on your network. You have the tools to do it.

		--Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  [email protected]
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
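
The filtering decision described in the message above, sketched in Python as an added example that is not part of the original post: it derives each subnet's broadcast address from its own netmask and drops directed broadcasts unless the source is in a permitted management network. The subnets, the permitted network and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the post.
LOCAL_SUBNETS = [
    ipaddress.ip_network("198.51.100.0/24"),   # broadcast .255
    ipaddress.ip_network("203.0.113.64/26"),   # broadcast .127, not .255
    ipaddress.ip_network("203.0.113.128/30"),  # broadcast .131
]
# Hypothetical remote management network allowed to run host discovery.
PERMITTED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]


def directed_broadcast_subnet(dst, subnets=LOCAL_SUBNETS):
    """Return the local subnet whose broadcast address is dst, else None."""
    dst = ipaddress.ip_address(dst)
    for net in subnets:
        # /31 and /32 have no separate broadcast address to protect.
        if net.prefixlen < 31 and dst == net.broadcast_address:
            return net
    return None


def filter_packet(src, dst, permitted=PERMITTED_SOURCES, subnets=LOCAL_SUBNETS):
    """Return 'forward' or 'drop' for a packet arriving from outside."""
    if directed_broadcast_subnet(dst, subnets) is None:
        return "forward"   # not a directed broadcast for any local subnet
    src = ipaddress.ip_address(src)
    if any(src in net for net in permitted):
        return "forward"   # management station doing host discovery
    return "drop"          # everyone else gets no directed broadcasts


if __name__ == "__main__":
    samples = [
        ("192.0.2.5", "203.0.113.127"),     # permitted source, /26 broadcast
        ("192.0.2.200", "203.0.113.127"),   # outside the permitted /28
        ("192.0.2.200", "203.0.113.255"),   # .255 is not a broadcast here
        ("192.0.2.200", "198.51.100.20"),   # plain unicast
    ]
    for src, dst in samples:
        print(f"{src:>13} -> {dst:<15} {filter_packet(src, dst)}")
```

Source addresses can be forged, so the permitted-network exception is only as trustworthy as the anti-spoofing filtering in front of it.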