04-03-2008 03:14 AM - edited 03-05-2019 10:09 PM
Hi all, can anyone tell me what a directed broadcast is, and what/who would use one? On my layer 3 switch, are these enabled by default?
04-03-2008 06:04 AM
Hi Carl,
IP Directed Broadcasts make it possible to send an IP broadcast packet to a remote IP subnet. Once it reaches the remote network, the forwarding IP device sends the packet as a Layer 2 broadcast to all stations on the subnet. This directed broadcast functionality has been leveraged as an amplification and reflection aid in several attacks, including the smurf attack.
Current versions of Cisco IOS software have this functionality disabled by default; however, it can be enabled via the ip directed-broadcast interface configuration command. Releases of Cisco IOS software prior to 12.0 have this functionality enabled by default.
If a network absolutely requires directed broadcast functionality, its use should be controlled. This is possible using an access control list as an option to the ip directed-broadcast command. This configuration example limits directed broadcasts to those UDP packets originating at a trusted network, 192.168.1.0/24:
!
access-list 100 permit udp 192.168.1.0 0.0.0.255 any
!
interface FastEthernet 0
ip directed-broadcast 100
!
The above is from Cisco Guide to Harden Cisco IOS Devices http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Regards,
Dandy
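As an added illustration of the behaviour Dandy describes (this is not code from the original post or from the Cisco document), the following Python model shows what a directed broadcast is, what the post-12.0 default does with one, and how the ACL option on ip directed-broadcast narrows it. The interface names and subnets (FastEthernet0 = 10.1.1.0/24, a trusted 192.168.1.0/24, and 203.0.113.0/24 standing in for the Internet) are constructed for the example; the ACL entry is the one from the hardening snippet above, with IOS wildcard-mask semantics and the implicit deny at the end.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed example topology (not from the original post): the router's
# connected interfaces. 203.0.113.0/24 plays the role of "the Internet".
INTERFACES = {
    "FastEthernet0": ipaddress.ip_network("10.1.1.0/24"),
    "FastEthernet1": ipaddress.ip_network("192.168.1.0/24"),
}

# (action, protocol, source base, source wildcard). Entries are evaluated in
# order with an implicit deny at the end, like an IOS extended ACL whose
# destination is "any". This is "access-list 100 permit udp 192.168.1.0 0.0.0.255 any".
AclEntry = Tuple[str, str, str, str]
ACL_100: List[AclEntry] = [("permit", "udp", "192.168.1.0", "0.0.0.255")]


def directed_broadcast_address(subnet: str) -> str:
    """The address a remote sender targets to reach every host on `subnet`."""
    return str(ipaddress.ip_network(subnet, strict=False).broadcast_address)


def wildcard_matches(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    a = int(ipaddress.ip_address(addr))
    b = int(ipaddress.ip_address(base))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl: List[AclEntry], proto: str, src: str) -> bool:
    """First matching entry wins; no match means the implicit deny."""
    for action, p, base, wc in acl:
        if p in (proto, "ip") and wildcard_matches(src, base, wc):
            return action == "permit"
    return False


def classify(dst: str, proto: str, src: str, egress: str,
             enabled: bool = False,
             acl: Optional[List[AclEntry]] = None) -> str:
    """What the router does with a packet it is about to send out `egress`.

    enabled=False            : post-12.0 default (no ip directed-broadcast)
    enabled=True, acl=None   : bare "ip directed-broadcast" (pre-12.0 default)
    enabled=True, acl=ACL_100: "ip directed-broadcast 100"
    """
    subnet = INTERFACES[egress]
    if ipaddress.ip_address(dst) != subnet.broadcast_address:
        return "unicast-forward"   # ordinary routed packet, not our concern
    if not enabled:
        return "drop"              # the subnet broadcast is never exploded
    if acl is not None and not acl_permits(acl, proto, src):
        return "drop"              # ACL option filtered it
    return "l2-broadcast"          # every host on the segment receives it


def smurf_amplification(egress: str) -> int:
    """Upper bound on replies a single spoofed ICMP echo to the directed
    broadcast can trigger: one per usable host address on the segment."""
    return INTERFACES[egress].num_addresses - 2


if __name__ == "__main__":
    print("directed broadcast for 10.1.1.0/24:", directed_broadcast_address("10.1.1.0/24"))
    print("default (disabled):", classify("10.1.1.255", "icmp", "203.0.113.5", "FastEthernet0"))
    print("enabled, no ACL   :", classify("10.1.1.255", "icmp", "203.0.113.5", "FastEthernet0", enabled=True))
    print("enabled + ACL 100 :", classify("10.1.1.255", "udp", "192.168.1.9", "FastEthernet0", enabled=True, acl=ACL_100))
    print("smurf replies per spoofed echo:", smurf_amplification("FastEthernet0"))
```

The amplification figure is the reason the default flipped: with directed broadcasts enabled and no ACL, one spoofed ICMP echo from the Internet toward 10.1.1.255 becomes up to 254 replies aimed at whichever victim the attacker wrote into the source address. With the ACL from the hardening guide, only UDP from 192.168.1.0/24 gets exploded, and ICMP from anywhere is dropped.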
04-03-2008 08:08 AM
Hi Dandy
We have a Nortel Passport on site and I see that for each layer 3 VLAN setup there is a tick in "enable directed broadcast". Should I disable this? And what apps need or use these broadcasts?
04-03-2008 08:24 AM
Hi Carl,
There are few IP applications that use directed broadcast. One of them is ezRemote Manager; check this link on how it works: http://forms.neoware.com/s.nl/ctype.KB/it.I/id.247/KB.335/.f
I'm not familiar with Nortel Passport so I can't comment on that.
Regards,
Dandy
04-03-2008 08:34 AM
Is it normally turned off on Cisco routers/multilayer switches etc.?
04-03-2008 08:53 AM
Hi Carl,
In new IOS releases, as mentioned in the document.
This is because it is not normally used and needs to be turned OFF anyway for security reasons.
Same with "ip classless". Old IOS turned OFF "ip classless" by default, but you need to turn it ON since the majority of routing is classless. So new IOS releases turn ON "ip classless" by default.
Regards,
Dandy