When To Enable Ip Directed Broadcast - Dell PowerConnect J-EX4200-24T Software Manual

When to Enable IP Directed Broadcast

When Not to Enable IP Directed Broadcast
Related
Documentation
High Availability Features for J-EX Series Switches Overview
IP directed broadcast is disabled by default. Enable IP directed broadcast when you want
to perform remote management or administration services such as backups or WOL
tasks on hosts in a subnet that does not have a direct connection to the Internet.
Enabling IP directed broadcast on a subnet affects only the hosts within that subnet.
Only packets received on the subnet's Layer 3 interface that have the subnet's broadcast
IP address as the destination address are flooded on the subnet.
Typically, you do not enable IP directed broadcast on subnets that have direct connections
to the Internet. Disabling IP directed broadcast on a subnet's Layer 3 interface affects
only that subnet. If you disable IP directed broadcast on a subnet and a packet that has
the broadcast IP address of that subnet arrives at the switch, the switch drops the
broadcast packet.
If a subnet has a direct connection to the Internet, enabling IP directed broadcast on it
increases the network's susceptibility to denial-of-service (DoS) attacks.
For example, a malicious attacker can spoof a source IP address (use a source IP address
that is not the actual source of the transmission to deceive a network into identifying the
attacker as a legitimate source) and send IP directed broadcasts containing Internet
Control Message Protocol (ICMP) echo (ping) packets. When the hosts on the network
with IP directed broadcast enabled receive the ICMP echo packets, they all send replies
to the victim that has the spoofed source IP address. This creates a flood of ping replies
in a DoS attack that can overwhelm the spoofed source address; this is known as a
"smurf" attack. Another common DoS attack on exposed networks with IP directed
broadcast enabled is a "fraggle" attack, which is similar to a smurf attack except that
the malicious packet is a User Datagram Protocol (UDP) echo packet instead of an ICMP
echo packet.
Example: Configuring IP Directed Broadcast on a J-EX Series Switch on page 904
Configuring IP Directed Broadcast (CLI Procedure) on page 929
High availability refers to the hardware and software components that provide redundancy
and reliability for packet-based communications. This topic covers the following high
availability features of J-EX Series Switches:
VRRP on page 878
Graceful Protocol Restart on page 878
Redundant Routing Engines on page 878
Graceful Routing Engine Switchover on page 879
Virtual Chassis Software Upgrade and Failover Features on page 879
Link Aggregation on page 880
Chapter 50: Interfaces—Overview
877