disabling directed broadcasts

• Previous message (by thread): [nsp] known networks for broadcast ping attacks
• Next message (by thread): [nsp] known networks for broadcast ping attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jul 30 21:16, Edward Henigin wrote:
} Subject: disabling forwarding of directed broadcasts

%	this does work as you'd expect (it prevents the cisco
% from framing an IP broadcast packet into an ethernet broadcast
% frame)  BUT unfortunately it can break Windows networking, as well
% as BOOTP/DHCP, depending on how you're set up.

BOOTP/DHCP does NOT need directed broadcast forwarding enabled
to work properly.  The "helper-address" function and the DHCP RELAY
code take care of BOOTP/DHCP traffic.  Implementations of BOOTP/DHCP
don't require enabling forwarding of directed broadcast packets.
I've verified this experimentally in a previous life.

I also have (past) experience with a network running MS/NetBIOS cruft
through routers with forwarding of directed broadcasts DISABLED.
It worked fine.

If there is some corner case I've missed that requires forwarding
of directed broadcast packets, it would be useful for that specific
case to be enumerated _in detail, in public_.

Ran
rja at home.net

• Previous message (by thread): [nsp] known networks for broadcast ping attacks
• Next message (by thread): [nsp] known networks for broadcast ping attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]