From: Bert Kellerman (bertke@xxxxxxxxxxx)
Date: Mon Aug 28 2000 - 04:04:33 GMT-3
Kevin,
Thanks for pointing this out!
Bert
"Kevin M. Woods" wrote:
>
> The use of "no ip directed-broadcast" does not affect packets generated by
> the router itself towards connected interfaces, thus what you've mentioned,
> although useful, doesn't apply to this particular scenario.
>
> Kevin
>
> // Not very neat at all. You are pinging a broadcast address and getting
> // replies which means your network is vulnerable to be a smurf amplifier.
> // Unless you have a good reason, the very first config line you should put
> // on an interface with an IP network hanging off it is 'no ip
> // directed-broadcast". A lot of money and bandwidth is wasted because of
> // improper configuration on routers on the internet. For more details see
> // http://www.netscan.org. This does come in handy sometimes but should
> // only be taken off briefly, if at all on an Internet-connected router.
> //
> // Bert
> //
> // Ben Rife wrote:
> // >
> // > To All,
> // >
> // > From a router, you can ping the network address and receive a reply from
the
> // > local hosts. Example:
> // >
> // > I have a router with an ethernet interface addr of 192.168.1.1 /24.
> // > I ping the network address of 192.168.1.0 and received the following rep
ly:
> // >
> // > Reply to request 2 from 192.168.1.251, 1 ms
> // > Reply to request 2 from 128.128.2.250, 1 ms
> // > Reply to request 2 from 192.168.1.5, 1 ms
> // > Reply to request 2 from 192.168.1.3, 1 ms
> // >
> // > I believe it lists the hosts in the order which they reply. Just a thoug
ht!
> // > Kinda a neat trick!
> // >
> // > HTH,
> // >
> // > Ben Rife
> // > CCIE #5886
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:31 GMT-3