General - Cisco ROUTER-SDM-CD User Manual

General

NBAR
General
Description
IP Directed Broadcasts
Cisco Router and Security Device Manager 2.5 User's Guide
6-14
To associate Network-based application recognition (NBAR) with the interface,
check the NBAR Protocol check box.
NBAR statistics for the interface can be monitored by going to Monitor > Traffic
Status > Application/Protocol Traffic.
This window displays general security settings and allows you to enable or disable
them by checking or unchecking the check box next to the name and description.
If you have allowed the Security Audit feature to disable certain properties and
want to reenable them, you can reenable them in this window. The properties
listed in this window follow.
In this field you can enter a short description of the interface configuration. This
description is visible in the Edit Interfaces and Connections window. A
description, such as "Accounting" or "Test Net 5," can help other Cisco SDM
users understand the purpose of the configuration.
An IP directed broadcast is a datagram that is sent to the broadcast address of a
subnet to which the sending machine is not directly attached. The directed
broadcast is routed through the network as a unicast packet until it arrives at the
target subnet, where it is converted into a link-layer broadcast. Because of the
nature of the IP addressing architecture, only the last router in the chain, the one
that is connected directly to the target subnet, can conclusively identify a directed
broadcast. Directed broadcasts are occasionally used for legitimate purposes, but
such use is not common outside the financial services industry.
IP directed broadcasts are used in the extremely common and popular "smurf"
denial of service attack, and they can also be used in related attacks. In a "smurf"
attack, the attacker sends ICMP echo requests from a falsified source address to a
directed broadcast address, causing all the hosts on the target subnet to send
Chapter 6 Edit Interface/Connection
OL-4015-12