Smurfing

• Previous message (by thread): Smurfing
• Next message (by thread): Smurfing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>On Fri, 13 Feb 1998, Dean Anderson wrote:

>If the ICMP packet is permitted in to the internal network then it
>doesn't matter where the network is, only that it have sufficient
>bandwidth to generate the necessary traffic out to the border (from
>the smurfer's POV).  This is why it needs to be turned off on all
>LAN segments (assuming it isn't used for other things).

If you enable broadcast forwarding on a cisco, thats true. But you should
have access filters in place at your borders to prevent directed broadcasts
to your networks and subnets.

Internally, directed broadcasts are (often) used.  The main thing is to
prevent others from using them, either unnecessarilly, or maliciously.

>How often is SNMP host discovery done?

It's configurable. I think the default shipped is every 15 minutes.  I
usually turn it down to once a day.

>Can't HPOV be directed to just
>discover on a specific network?

It can, and in fact it should be. But if you have turned off forwarding
directed broadcasts on that network, it won't work.

		--Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean at av8.com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

• Previous message (by thread): Smurfing
• Next message (by thread): Smurfing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]