Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
0
Helpful
5
Replies

directed broadcasts

carl_townshend
Spotlight
Spotlight

‎04-03-2008 03:14 AM - edited ‎03-05-2019 10:09 PM

Hi all, Can anyone tell me what a directed broadcast is, and what/who would use one? on my layer 3 switch are these enabled by default ?

Labels:
0 Helpful
5 Replies 5

Danilo Dy
VIP Alumni
VIP Alumni

‎04-03-2008 06:04 AM

Hi Carl,

IP Directed Broadcasts make it possible to send an IP broadcast packet to a remote IP subnet. Once it reaches the remote network, the forwarding IP device sends the packet as a Layer 2 broadcast to all stations on the subnet. This directed broadcast functionality has been leveraged as an amplification and reflection aid in several attacks, including the smurf attack.

Current versions of Cisco IOS software have this functionality disabled by default; however, it can be enabled via the ip directed-broadcast interface configuration command. Releases of Cisco IOS software prior to 12.0 have this functionality enabled by default.

If a network absolutely requires directed broadcast functionality, its use should be controlled. This is possible using an access control list as an option to the ip directed-broadcast command. This configuration example limits directed broadcasts to those UDP packets originating at a trusted network, 192.168.1.0/24:

!

access-list 100 permit udp 192.168.1.0 0.0.0.255 any

!

interface FastEthernet 0

ip directed-broadcast 100

!

The above is from Cisco Guide to Harden Cisco IOS Devices http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

Regards,

Dandy

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to Danilo Dy

‎04-03-2008 08:08 AM

Hi Dandy

we have a nortel passport on site and i see that for each layer 3 vlan setup there is a tick in enable directed broadcast, should I disable this ? and what apps need or use these broadcasts ?

0 Helpful

Danilo Dy
VIP Alumni
VIP Alumni
In response to carl_townshend

‎04-03-2008 08:24 AM

Hi Carl,

There are few IP Applications that uses Directed Broadcast. One of them is ezRemote Manager, check this link on how it works http://forms.neoware.com/s.nl/ctype.KB/it.I/id.247/KB.335/.f

I'm not familiar with Nortel Passport so I can't comment on that.

Regards,

Dandy

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to Danilo Dy

‎04-03-2008 08:34 AM

is it normally turned off on cisco routers/multilayer switches etc ?

0 Helpful

Danilo Dy
VIP Alumni
VIP Alumni
In response to carl_townshend

‎04-03-2008 08:53 AM

Hi Carl,

In new IOS releases as mentioned in the document.

This is because it is not normally use and need to turn OFF anyway for security reason.

Same with the "ip classless". Old IOS turn OFF "ip classless" by default, but you need to turn it ON since majority of routing is classless. So new IOS releases turn ON "ip classless" by default.

Regards,

Dandy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card