
nanog mailing list archives

Re: IP flooding by using broadcast address
From: Daniel Senie <dts () proteon com>
Date: Sun, 20 Jul 1997 01:46:25 -0400

Edward Henigin wrote:

On Sat, Jul 19, 1997 at 09:11:28PM -0700, Joe Rhett said:
    I think it would be very wise of cisco to have a global flag
(or at least, a per-interface flag) which would prevent the forwarding
of a packet to an all-ones address.  If cisco won't add this feature,

Yes!

        I was just told that the interface command "no ip direct-broadcast"
may be what I was asking for..


At least on our (OpenROUTE Networks/Proteon) routers and those based on
our code, you can control whether the router will forward packets which
are directed broadcasts. For example, do you allow a packet addressed to
192.168.123.255 to travel to your network from a distance, and then be
broadcast on a LAN medium that is used for the 192.168.123.0 subnet?

Directed broadcasts can be useful within a company's internal network,
but are not a good thing to allow on a border router.

The original question, though, was about the source address. This could
be addressed with filters, or with the addition of extra options. In our
routers, filters could be constructed for this relatively easily.

(I can't tell you about cisco product, though. I suspect they have many
similar features).

        Ed

-- 
-------------------------------------------------------
Daniel Senie                  dts () openroute com
OpenROUTE Networks, Inc.      http://www.openroute.com/
508-898-2800
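
The directed-broadcast decision described in this message, as an added example that is not part of the original post or of any vendor's router code. The subnet list and function names are constructed for illustration; the sketch goes slightly beyond the 192.168.123.255 case by covering subnets whose broadcast address does not end in .255 and /31 links, which have no broadcast address.

```python
import ipaddress

# Constructed sample: subnets attached to a hypothetical border router.
ATTACHED_SUBNETS = [
    ipaddress.ip_network("192.168.123.0/24"),  # the subnet used in the message
    ipaddress.ip_network("192.168.124.0/26"),  # broadcast is .63, not .255
    ipaddress.ip_network("192.168.125.0/31"),  # point-to-point link
]

# The "all-ones address" mentioned in the quoted text.
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destination(dst, subnets=ATTACHED_SUBNETS):
    """Return 'limited-broadcast', 'directed-broadcast' or 'unicast'."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    for net in subnets:
        # /31 and /32 prefixes have no broadcast address, so an address
        # on them is never a directed broadcast.
        if net.prefixlen >= 31:
            continue
        if addr == net.broadcast_address:
            return "directed-broadcast"
    return "unicast"


def border_should_forward(dst, arrived_on_external, subnets=ATTACHED_SUBNETS):
    """Allow directed broadcasts from inside, drop them at the border."""
    kind = classify_destination(dst, subnets)
    if kind == "limited-broadcast":
        return False  # routers do not forward the all-ones address
    if kind == "directed-broadcast" and arrived_on_external:
        return False  # a remote sender must not reach the LAN broadcast
    return True


if __name__ == "__main__":
    for dst in ("192.168.123.255", "192.168.124.63", "192.168.124.255",
                "192.168.125.1", "255.255.255.255"):
        print(dst, classify_destination(dst),
              "forward" if border_should_forward(dst, True) else "drop")
```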

