ip directed broadcast

Discussion in 'General Cisco Certifications' started by Headache, May 10, 2007.

  1. Headache

    According to Cisco Press 642-812:

    "the no ip directed-broadcast command configures the router or switch to prevent the translation of a directed broadcast to a physical broadcast".

    Whatever the hell that means.

    Also:

    "make sure the ip directed-broadcast is not configured on any outbound interface that UDP broadcast packets need to traverse".

    Well, why the hell not?

    No explanation is given. This is one of the reasons I don't like Cisco Press books all that much.
     
    Certifications: CCNA
    WIP: CCNP
  2. Spice_Weasel

    directed-broadcasts are generally a bad thing, and are disabled by default on all interfaces in Cisco IOS.

    A directed-broadcast is an IP packet with a destination address that is a valid broadcast address for a subnet, but does not originate from that subnet. It is trivial to abuse directed-broadcasts for smurf or fraggle attacks and so directed-broadcasts should always be disabled (the default) unless there is a need for them. In a properly designed network I can't think of a need for directed-broadcasts. If you needed to use them, an ACL can be configured to limit malicious use of directed-broadcasts.

    An example of a directed-broadcast would be a packet sent to a router interface e1 addressed to the broadcast address of the subnet on interface e2. The router will then helpfully direct the packet out e2 and "explode" the broadcast on the subnet. It is easy to see how an attacker could exploit this, hence no ip directed-broadcast is the default.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER, MCP
    WIP: CCIE
  3. Headache

    Thanks Spice.

    So what you're saying is that IP directed broadcasts are layer 3 broadcasts that can't be segmented by a router or a distribution layer switch? You either have to disable them on an interface or filter them with an ACL?
     
    Certifications: CCNA
    WIP: CCNP
  4. Spice_Weasel

    Yes, they are broadcasts that will not be stopped by routers/switches.

    The directed broadcast packet is routed through the network as a unicast packet. Each router along the way will route the directed broadcast just as they would any other unicast packet. Once the packet reaches the target subnet it is converted (explodes) into a link layer broadcast (FF:FF:FF:FF:FF:FF on ethernet) which will be processed by every host on that network.

    By sending an ICMP (or UDP) echo request to a target network, with a spoofed source IP of a victim, a storm of replies is generated which results in a DoS on the victim. So directed broadcasts should never be enabled without a very good reason.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER, MCP
    WIP: CCIE
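The forwarding behaviour Spice_Weasel describes, as an added example that is not part of the thread: a small Python model of a two-interface router (the e1/e2 topology with constructed subnets) that classifies a packet as a directed broadcast, applies the per-interface `ip directed-broadcast` setting at the last hop, and runs a detection pass over constructed flow records to flag smurf/fraggle-style reflector traffic. Interface names, subnets and flow records are assumptions, not from the original post.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed topology (assumption): interface name -> attached subnet.
INTERFACES: Dict[str, ipaddress.IPv4Network] = {
    "e1": ipaddress.ip_network("192.0.2.0/24"),
    "e2": ipaddress.ip_network("198.51.100.0/24"),
}

def directed_broadcast_target(src: str, dst: str,
                              interfaces: Dict[str, ipaddress.IPv4Network]) -> Optional[str]:
    """Return the egress interface whose subnet broadcast address 'dst' hits when the
    packet is a directed broadcast (source NOT on that subnet); otherwise None.
    A host on the subnet sending to its own broadcast is a local, not directed, broadcast."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, net in interfaces.items():
        if d == net.broadcast_address and s not in net:
            return name
    return None

def router_forwards(src: str, dst: str, interfaces: Dict[str, ipaddress.IPv4Network],
                    directed_bcast_enabled: Dict[str, bool]) -> bool:
    """Last-hop decision: with 'no ip directed-broadcast' on the egress interface
    (the IOS default, modelled as a missing/False entry) the packet is dropped
    instead of being translated into a link-layer broadcast."""
    egress = directed_broadcast_target(src, dst, interfaces)
    if egress is None:
        return True  # ordinary unicast (or local broadcast): routed as usual
    return directed_bcast_enabled.get(egress, False)

# Constructed flow records (assumption): (src, dst, proto, icmp_type or None).
FLOWS: List[Tuple[str, str, str, Optional[int]]] = [
    ("192.0.2.10", "198.51.100.20", "icmp", 8),       # normal ping between hosts
    ("203.0.113.5", "198.51.100.255", "icmp", 8),     # echo request to e2's broadcast, off-subnet source
    ("198.51.100.7", "198.51.100.255", "udp", None),  # on-subnet local broadcast: benign
    ("203.0.113.5", "192.0.2.255", "udp", None),      # UDP to e1's broadcast, off-subnet source
]

def flag_amplification_flows(flows, interfaces) -> List[Tuple[str, str, str]]:
    """Detection pass: an ICMP echo request or UDP datagram addressed to a subnet
    broadcast from outside that subnet is the reflector pattern of a smurf/fraggle
    attack; report (src, dst, egress interface) so the source can be filtered."""
    hits = []
    for src, dst, proto, itype in flows:
        egress = directed_broadcast_target(src, dst, interfaces)
        if egress and (proto == "udp" or (proto == "icmp" and itype == 8)):
            hits.append((src, dst, egress))
    return hits
```

With the default (empty) setting map `router_forwards` drops both flagged flows; only an explicit `{"e2": True}` lets the e2 directed broadcast explode.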
  5. Headache

    Excellent! I understand it now.

    Many thanks.
     
    Certifications: CCNA
    WIP: CCNP
  6. akshay_rane

    Hey, thanks a lot. I understand the concept now.
     
