RE: IP Directed-Broadcast

From: Roger RPF (rpf@bluemail.ch)
Date: Tue Dec 16 2008 - 12:09:34 ARST


Hi Scott,

But to me, the strange thing with this command is that the ACL is
implemented on the destination network, where the broadcast will be sent.
So OK, that protects that particular network, but if someone is doing an
attack, these broadcasts are still sent over the whole network... and then
get dropped at the destination (in the ACL).

Somehow, it would be better to already block these unwanted directed
broadcasts at the source, wouldn't it? But there is no possibility to do
that... right?

regards

Roger

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Tuesday, December 16, 2008 05:29
To: 'John Edom'; 'Cisco certification'
Subject: RE: IP Directed-Broadcast

The doc CD notes "Standard access list number in the range from 1 to 199. If
specified, a broadcast must pass the access list to be forwarded."

So following that logic... You are putting a restriction such that only
SOME directed broadcasts (e.g. from trusted sources) would be allowed.
Anyone else, presumably attacking your network, would still be denied.

Thus, to open up this functionality for particular problem solutions
(multicast helpers?) you are not also opening up your network to a large
security hole.

HTH,

Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
Senior CCIE Instructor

smorris@internetworkexpert.com

 

Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Edom
Sent: Monday, December 15, 2008 11:18 PM
To: Cisco certification
Subject: IP Directed-Broadcast

Hi,

Can anyone explain to me when and why we use an ACL with the command "ip
directed-broadcast"? I tried to grasp the concept of this from UniverCD but
couldn't.

Other question, can we see what are

Thanks




This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST
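
A small Python model of the behaviour discussed in this thread, added here as an illustration and not code from any of the posters or from Cisco: the ACL given to `ip directed-broadcast` is evaluated only on the router attached to the destination subnet, while a router without that subnet attached forwards the packet as ordinary unicast. The addresses, function names and the source-only ACL matching are assumptions made for the example.

```python
import ipaddress

# Constructed lab addressing (RFC 5737 documentation ranges), not from the thread.
TARGET_LAN = ipaddress.ip_network("192.0.2.0/24")
# One trusted sender; everything else hits the implicit deny.
TRUSTED_ACL = [("permit", ipaddress.ip_network("198.51.100.10/32"))]


def acl_permits(src, acl):
    """Standard-ACL style check on the source address: first match wins, else deny."""
    src = ipaddress.ip_address(src)
    for action, net in acl:
        if src in net:
            return action == "permit"
    return False


def router_decision(src, dst, connected, directed_broadcast=False, acl=None):
    """Model how one router handles a packet.

    connected: subnets attached to this router.
    directed_broadcast / acl: hypothetical stand-ins for 'ip directed-broadcast [acl]'
    on the interface facing the destination subnet (disabled by default).
    """
    dst = ipaddress.ip_address(dst)
    for net in connected:
        if dst == net.broadcast_address:
            # Only the router attached to the subnet can tell this is a broadcast.
            if not directed_broadcast:
                return "drop"
            if acl is not None and not acl_permits(src, acl):
                return "drop"
            return "flood-on-lan"
        if dst in net:
            return "deliver-unicast"
    # No attached subnet matches: the address is handled like any other unicast.
    return "forward-as-unicast"
```
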