Disable Ip Directed Broadcast - Cisco OL-4015-08 User Manual

Cisco router and security device manager user's guide

Chapter 16
Security Audit

OL-4015-08

The configuration that will be delivered to the router to disable proxy ARP is as follows:

no ip proxy-arp

This fix can be undone. To learn how, click Undoing Security Audit Fixes.

Disable IP Directed Broadcast

Security Audit disables IP directed broadcasts whenever possible. An IP directed broadcast is a datagram which is sent to the broadcast address of a subnet to which the sending machine is not directly attached. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast. Because of the nature of the IP addressing architecture, only the last router in the chain, the one that is connected directly to the target subnet, can conclusively identify a directed broadcast. Directed broadcasts are occasionally used for legitimate purposes, but such use is not common outside the financial services industry.

IP directed broadcasts are used in the extremely common and popular "smurf" Denial-of-Service attack, and they can also be used in related attacks. In a "smurf" attack, the attacker sends ICMP echo requests from a falsified source address to a directed broadcast address, causing all the hosts on the target subnet to send replies to the falsified source. By sending a continuous stream of such requests, the attacker can create a much larger stream of replies, which can completely inundate the host whose address is being falsified.

Disabling IP directed broadcasts causes directed broadcasts that would otherwise be "exploded" into link-layer broadcasts at that interface to be dropped instead.

The configuration that will be delivered to the router to disable IP directed broadcasts is as follows:

no ip directed-broadcast

This fix can be undone. To learn how, click Undoing Security Audit Fixes.

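As an added example (not part of the Cisco manual and not SDM's own code), the following Python script audits a running-config for the two settings these fixes address and emits the manual's commands only for interfaces that still need them. The sample configuration, the audit and remediation function names, and the assumed defaults (directed broadcast off unless "ip directed-broadcast" is configured, proxy ARP on unless "no ip proxy-arp" is configured) are assumptions for illustration.

```python
import ipaddress
import re
# Constructed sample running-config (not from the manual). Assumed defaults:
# directed broadcast off unless configured, proxy ARP on unless disabled.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.128
 ip directed-broadcast
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip directed-broadcast
 no ip proxy-arp
!
interface Loopback0
 no ip address
"""

def audit(config):
    """Return one finding per addressed interface (hypothetical helper)."""
    findings = []
    # An interface stanza is the header plus the indented lines that follow it.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t].*\n?)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        addr = next((l.split()[2:4] for l in lines if re.match(r"ip address \d", l)), None)
        if addr is None:
            continue  # no IP address, so no subnet broadcast to explode
        net = ipaddress.ip_interface("/".join(addr)).network
        findings.append({
            "interface": name,
            "subnet_broadcast": str(net.broadcast_address),  # directed-broadcast target
            "directed_broadcast": "ip directed-broadcast" in lines,
            "proxy_arp": "no ip proxy-arp" not in lines,
        })
    return findings

def remediation(findings):
    """Emit the manual's two fixes only where an interface still needs them."""
    out = []
    for f in findings:
        fixes = [" no ip directed-broadcast"] if f["directed_broadcast"] else []
        fixes += [" no ip proxy-arp"] if f["proxy_arp"] else []
        if fixes:
            out += ["interface " + f["interface"]] + fixes
    return out
```

Calling remediation(audit(SAMPLE_CONFIG)) returns the interface-scoped command lines; the subnet_broadcast field shows which address each flagged interface would convert into a link-layer broadcast.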
Cisco Router and Security Device Manager Version 2.2 User's Guide
Fix It Page
16-19
