RE: some command

From: Krucker, Louis (louis.krucker@xxxxxxxxxxx)
Date: Thu May 16 2002 - 00:29:19 GMT-3


   
Hi

We use no ip directed-broadcast to prevent hacker attacks
with a broadcast address in the source field (smurf attack).
This is reported somewhere on CCO.

regards
Louis

-----Original Message-----
From: Jason Sinclair
To: 'Tom Young'
Cc: 'ccielab@groupstudy.com'
Sent: 16.05.2002 03:47
Subject: RE: some command

Tom,

Basically the directed-broadcast command has more relevance in switching
it on so that the router will pass the directed broadcast packets. You are
correct in stating that a router will not normally propagate broadcasts,
however you may want to modify this behaviour.

With regards to mroute/route-cache this is useful to turn off for
debugging as commands such as debug ip packet do not show you switched
packets that use the route-cache for exit interface info. It only shows
packets that are passed to the processor, hence by leaving it on you may
miss packets in the debug. By turning it off you ensure that you see all
packets that are processed.

Regards,

Jason Sinclair CCIE #9100
Manager, Network Control Centre
POWERTEL
Ground Level, 55 Clarence Street,
SYDNEY NSW 2000
AUSTRALIA
office: + 61 2 8264 3820
mobile: + 61 416 105 858
* sinclairj@powertel.com.au

        -----Original Message-----
        From: Tom Young [mailto:gitsyoung@yahoo.co.jp]
        Sent: Thursday, 16 May 2002 11:33
        To: Jason Sinclair
        Subject: RE: some command

        Jason:
          Thank you for your reply, I understood the two commands
        now.
          But I still don't know their function, for example,
        a router couldn't forward any broadcast, it is the rule of
        a router, so I think the router couldn't forward
        192.168.1.255, basically. So, the no ip directed-broadcast is
        meaningless.
          And the mroute-cache, if the router doesn't cache the
        unicast route, it will take a longer time for
        forwarding packets. Why do so? Does it have some advantage?

          Sorry for asking you such simple questions, and taking your
        time.

        Best regards

        Young

         --- Jason Sinclair <sinclairj@powertel.com.au>
> Tom,
>
> Let's start with no ip directed-broadcast:
> This instructs the router to not forward packets that are destined
> to a directed broadcast address. For example, a broadcast is
> 255.255.255.255 in IP terms. In the case of 192.168.1.0/24, the
> directed broadcast address is 192.168.1.255. Hence the router will
> not propagate packets to this address.
>
> Now for no ip mroute-cache:
> This instructs the router to turn off cache support for multicast
> packets. Basically it is the same as turning off route-cache for
> unicast packets and instructs the router to process switch
> multicast packets.
>
> Regards,
>
> Jason Sinclair CCIE #9100
> Manager, Network Control Centre
> POWERTEL
> Ground Level, 55 Clarence Street,
> SYDNEY NSW 2000
> AUSTRALIA
> office: + 61 2 8264 3820
> mobile: + 61 416 105 858
> * sinclairj@powertel.com.au
>
>
>
>
>
> -----Original Message-----
> From: Tom Young [mailto:gitsyoung@yahoo.co.jp]
> Sent: Thursday, 16 May 2002 10:41
> To: ccielab@groupstudy.com
> Subject: some command
>
> For some simple commands, I couldn't find the explanation on
> CCO. Who can explain it to me precisely?
> For example:
>
> no ip directed-broadcast
> and
> no mroute-cache
>
>
> Thanks
>
> Young
>
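
An added example, not part of the original thread or anyone's posted code: a short audit that reads an IOS-style configuration, computes each interface's directed-broadcast address (192.168.1.255 for the 192.168.1.0/24 case discussed above), and lists the subnets where forwarding of directed broadcasts is switched on. The sample configuration is constructed, and the script assumes forwarding is off unless an explicit `ip directed-broadcast` line (optionally followed by an access-list number) is present in the interface stanza.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 10.20.0.1 255.255.252.0
 ip directed-broadcast
!
interface Serial0
 ip address 172.16.5.1 255.255.255.252
 ip directed-broadcast 101
!
"""

def directed_broadcast(addr, mask):
    """Directed-broadcast address of the subnet, or None for /31 and /32."""
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    return str(net.broadcast_address) if net.prefixlen < 31 else None

def parse_interfaces(config):
    """Split an IOS-style config into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = stanzas.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_directed_broadcast(config):
    """Return (interface, directed-broadcast address, ACL) per exposed subnet."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        enabled = [l for l in lines if re.fullmatch(r"ip directed-broadcast( \d+)?", l)]
        if not enabled:
            continue  # assumption: absent or negated means not forwarded
        acl = enabled[-1].partition("directed-broadcast")[2].strip() or None
        for l in lines:
            m = re.fullmatch(r"ip address (\S+) (\S+)( secondary)?", l)
            if m and (bcast := directed_broadcast(m[1], m[2])):
                findings.append((name, bcast, acl))
    return findings

if __name__ == "__main__":
    for finding in audit_directed_broadcast(SAMPLE_CONFIG):
        print(finding)
```

Each finding names a subnet whose directed-broadcast address the router will pass on to the attached segment; an ACL number in the third field means forwarding is restricted by that access list.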



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:58 GMT-3