04-07-2011 06:55 AM - edited 03-06-2019 04:29 PM
Hi all
I noticed a useful use of a network broadcast on my switch yesterday to help get the ARP entry in my switch, i.e. 192.168.1.255. Do many other people use this? It basically pinged all clients on the net.
cheers
04-07-2011 07:29 AM
Hi,
Windows hosts won't answer these pings destined to the broadcast address. It can be used to discover IP addresses or test connectivity without pinging each address individually but I've only used it in labs with only a few routers/switches, I don't think I would use this in a production network with lots of devices.
Regards.
Alain.
04-07-2011 09:26 AM
Congratulations, you have just discovered a smurf attack.
This is one reason why filtering of incoming traffic to the broadcast address of an internet network is important.
Think of it like this:
Let's say we have almost a full C network, say 200 hosts, and I receive a spoofed ping to the broadcast address of that network.
The address that sent the ping claims to be 1.2.3.4, but that is fake; it is really 10.20.30.40, someone who does not like the company that has 1.2.3.4. Now the ping answer from my network, i.e. the 200 hosts, will send 200 packets for each of the 10.20.30.40 packets that is sent to the broadcast address.
So my network has amplified the attacker by about 200. My network is now a smurf amplifier.
Good luck
HTH
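Added example, not part of any post in this thread: a small Python check a defender could run over packet records to spot the pattern described in the reply above, i.e. echo requests from outside addressed to an internal subnet's broadcast address. The prefix list, record format and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed assumption: the prefixes that make up "my network".
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample records: (source, destination, ICMP type).
# ICMP type 8 = echo request, type 0 = echo reply.
SAMPLE_PACKETS = [
    ("1.2.3.4", "192.168.1.255", 8),       # outside source, directed broadcast
    ("1.2.3.4", "192.168.1.255", 8),
    ("192.168.1.10", "192.168.1.255", 8),  # inside source: local broadcast ping
    ("1.2.3.4", "192.168.1.20", 8),        # ordinary unicast ping
    ("192.168.1.20", "1.2.3.4", 0),        # echo reply
]

def is_internal(addr):
    """True if addr falls inside one of the internal prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def broadcast_net(addr):
    """Return the internal network whose broadcast address is addr, else None."""
    ip = ipaddress.ip_address(addr)
    for net in INTERNAL_NETS:
        if ip == net.broadcast_address:
            return net
    return None

def find_smurf_candidates(packets):
    """Count echo requests from outside sources sent to an internal broadcast
    address, keyed by (claimed source, targeted network)."""
    hits = Counter()
    for src, dst, icmp_type in packets:
        net = broadcast_net(dst)
        if icmp_type == 8 and net is not None and not is_internal(src):
            hits[(src, str(net))] += 1
    return hits

def worst_case_replies(requests, live_hosts):
    """Replies sent toward the claimed source if every live host answers."""
    return requests * live_hosts

if __name__ == "__main__":
    for (src, net), n in find_smurf_candidates(SAMPLE_PACKETS).items():
        print(f"{n} echo requests claiming {src} -> broadcast of {net}; "
              f"up to {worst_case_replies(n, 200)} replies with 200 hosts")
```

Packets flagged here are the ones an ingress filter on traffic to the broadcast address would drop at the network edge.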