한국어

네트워킹

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유
    
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


https://learningnetwork.cisco.com/thread/11397

Question about no ip-directed broadcast

Mar 7, 2010 6:51 PM

Milan 188 posts since
Sep 3, 2008

Hi,

 

Could someone explain to me in plain english what no ip-directed broadcast is meant to do and why its beneficial to have it disabled?

 

Thanks in advance

Milan

  • JohnMoore Beginner 120 posts since
    Apr 3, 2009
    Currently Being Moderated
    1. Mar 7, 2010 6:53 PM (in response to Milan)
    Re: Question about no ip-directed broadcast

    It is to prevent someone doing a broadcast which could flood the nic/router/subnet, otherwise if enabled will allow broadcasts.

     

    J

  • Angela Expert 733 posts since
    Jan 29, 2010
    Currently Being Moderated
    2. Mar 7, 2010 8:18 PM (in response to Milan)
    Re: Question about no ip-directed broadcast

    'no ip-directed broadcast' is a command that prevent a router from broadcasting its IP address. This is a security concern.

     

      As you advance, you will know that you can send a continuous ping to a location to test for network activity. However, some malicious hacker can take advantage of this ping utility and use many computers to ping a single site. This create a lot of traffic, and so, jams up the network resources. By preventing sending out IP address in the first place greatly reduces the risk.

     

      Another, similar approach is to disable ICMP protocol, which is responsible for the functioning of 'ping' utility. When doing so, you reject any 'ping' or 'traceroute', thus effectively eliminate risk of DoS attacks.

     

      In summary, disabling ICMP is more effective than 'no ip-directed broadcast' as it actively deny access to all ICMP traffic, while 'no ip-directed broadcast' just limit the distribution of some IP address; the hacker STILL CAN obtain your address through other means. On the other hand, 'ping' and 'traceroute' are very important troubleshooting tools, so disabling them brings somewhat increase in the level of difficulty in troubleshooting.

     

    Regards,

    A

  • Matthew Bartlett Member 10 posts since
    Jan 25, 2010
    Currently Being Moderated
    4. Mar 7, 2010 8:38 PM (in response to Angela)
    Re: Question about no ip-directed broadcast

    Angela,  I don't think this is correct, as it has to do with broadcast from outside of the destination subnet (a broadcast that doesn't originate from the subnet it is intended for).  This is from the Cisco website, http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1081245 :

     

     

    Usage Guidelines

    An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet, but which originates from a node that is not itself part of that destination subnet.

    A router that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a router that is directly connected to its destination subnet, that packet is "exploded" as a broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.

    The ip directed-broadcast interface command controls the explosion of directed broadcasts when they reach their target subnets. The command affects only the final transmission of the directed broadcast on its ultimate destination subnet. It does not affect the transit unicast routing of IP directed broadcasts.

    If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet. If an access list has been configured with the ip directed-broadcast command, only directed broadcasts that are permitted by the access list in question will be forwarded; all other directed broadcasts destined for the interface subnet will be dropped.

    If the no ip directed-broadcast command has been configured for an interface, directed broadcasts destined for the subnet to which that interface is attached will be dropped, rather than being broadcast.

     

    Matthew

  • sbjones Advanced 219 posts since
    Nov 14, 2009
    Currently Being Moderated
    5. Mar 7, 2010 9:38 PM (in response to Milan)
    Re: Question about no ip-directed broadcast

    More simply put: a network a broadcast address is 255.255.255.255 and as a broadcast it is sent to all hosts -on that network (or subnet),  the network on which the packet originated. All hosts see it and act upon it or drop it depending on what is in the broadcast packet. The broadcast does not go any further than the network that originated it. The router does not route it.

     

    A directed broadcast is a packet sent from a different network (or subnet) to a legitimate broadcast address on another network. For example a device from 172.16.1.1 sends a packet (directed) to 192.168.1.255/24 (the broadcast address on network 192.168.1.0/24). The packet has a network and subnet address with the host bits all ones. This will be routed to 192.168.1.0 and sent to all hosts on 192.168.1.0.

     

    These are not desireable for the same reason as other broadcasts- lots of bandwidth consumption and hosts processing packets unnecessarily.

     

    Will not affect ping on the router interface.

  • Scott Morris - CCDE/4xCCIE/2xJNCIE Cisco Designated VIP 7,921 posts since
    Oct 7, 2008
    Currently Being Moderated
    6. Mar 8, 2010 5:03 AM (in response to Milan)
    Re: Question about no ip-directed broadcast

    While it's cool to have YOU talk to all your friends, you don't exactly want anyone and everyone to be able to reach your group of friends without prior authorization.  (Your friends may get upset with you!)

     

     

    Scott

조회 수 :
16212
등록일 :
2011.12.23
11:52:12 (*.160.42.233)
엮인글 :
http://webs.co.kr/index.php?document_srl=462&act=trackback&key=4d6
게시글 주소 :
http://webs.co.kr/index.php?document_srl=462
List of Articles
번호 제목 글쓴이 날짜 조회 수
60 route 및 iptables를 이용한 리눅스 특정 IP 접속 차단하는 법 admin 2018-04-15 1041
59 IPv6와 IPv4의 차이점 기존의 IPv4의 문제점 admin 2018-04-15 1062
58 유용한 네트워크 분석 도구 소개와 패킷분석 입문 admin 2018-04-15 972
57 실시간 120만개의 패킷분석 - OpenSOC 프로젝트 admin 2018-04-15 847
56 사례를 통해 알아가는 실전 패킷분석 A 기업의 UDP 트래픽 급증의 원인은 admin 2018-04-15 871
55 리눅스 linux 현재 사용중인 랜카드 트래픽 대역폭 확인 프로그램 nload admin 2017-11-04 3116
54 whois site ip owner check admin 2015-08-03 4640
53 How to reduce DDOS attack admin 2015-06-24 4777
52 Collection of basic Linux Firewall iptables rules all you need admin 2015-06-16 4521
51 TCP flag(URG, ACK, PSH, RST, SYN, FIN) admin 2014-04-05 11782
50 HowTo Disable ipv6 Lenny squeeze admin 2014-02-25 9891
49 ping 핑 에 의한 패킷 전송 10 단계 그림으로 설명 file admin 2014-02-13 13066
48 whois IP Domain admin 2014-02-10 10616
47 Cisco - CCNP, CCIE - QoS. Quality Of Service admin 2013-08-29 14430
46 Easy Steps to Cisco Extended Access List file admin 2013-08-02 12358
45 Securing Networks Access List Implementation on Cisco Routers admin 2013-08-02 36773
44 Analyzing High CPU Utilization Issues on Cisco Catalyst 6500 Series admin 2013-08-01 13694
43 Basic Configuration of VLANS, Switchports and InterVLAN Routing admin 2013-08-01 11814
42 다산 스위치 Dasan L3 Switch manuall 및 명령어 v6424 V5424 등 file admin 2013-07-14 26480
41 Intel Network Adapter Drivers for Windows Server 2003*, Final Release file admin 2013-06-22 12201
40 ping 설명 ICMP Internet Control Message Protocol 설명 여러가지 admin 2013-05-09 49066
39 네트웍을 공부하려고 하는분 네이버 네트워크 전문가 따라 잡기 카페 admin 2013-04-20 20378
38 List of TCP and UDP port numbers admin 2013-04-16 34670
37 Juniper QFabric, Junosphere, Automation, and More admin 2013-03-31 13507
36 Cisco ASA Packet Captures for Fun and Profit admin 2013-03-31 12365
35 3com tftp damon program 3cdv2r10 file admin 2013-03-17 13036
34 VLAN Tagging - Understanding VLANs Ethernet Frames admin 2013-03-11 30525
33 Cisco Catalyst Fixed Configuration Layer 2 and Layer 3 Switches admin 2013-01-30 27605
32 Quality of Service Guide - QOS admin 2012-01-06 54094
31 dscp ef admin 2012-01-06 15292
30 DSCP(분화된 서비스 코드 포인트) 개요 admin 2012-01-06 16933
29 IP Precedence, TOS & DSCP admin 2012-01-06 20720
28 컴퓨터 네트워크의 기초 강의 – 네트워크 관련 윈도우 명령어 admin 2012-01-02 15668
27 국내 IPv6 자료 한국 인터넷진흥원 admin 2012-01-02 13040
26 World BGP Report admin 2011-12-28 13116
25 BGP AS4766 Korea Telecom IPv4 Route Propagation file admin 2011-12-28 14740
24 Introduction to MPLS admin 2011-12-25 13569
23 Protocol BGP Lab 1 Part 1 AS Path Local Preference Route Reflectors admin 2011-12-25 14150
22 IPSec Site to Site VPN tunnels admin 2011-12-25 13897
21 CONFIGURING STATIC ROUTING RIP IGRP OSPF ON CISCO ROUTER admin 2011-12-25 14153
20 BGP Study 유튜브 동영상 admin 2011-12-25 14061
» Question about no ip-directed broadcast admin 2011-12-23 16212
18 IPv6 환경의 보안 위협 및 공격 분석 file admin 2011-12-22 13238
17 [Cisco] NAT Config 해설 admin 2011-12-19 80526
16 자이온의 실전! QoS 강좌 1 admin 2011-12-19 17837
15 3com 스위칭허브 스위칭용량및 속도 총정리 file admin 2011-12-16 19284
14 트래픽관리를 위한 MRTG 서버구축 admin 2011-12-16 17368
13 Brocade FastIron GS Series manuall file admin 2011-12-16 31305
12 CAT.6 UTP 케이블링 작업 요령 file admin 2011-12-16 19187
11 윈도우에서 특정아이피 차단 설정 하기 admin 2011-12-16 21122
10 정의랑의 네트워크이야기 - 네트워크 전반적인 분야 고수 admin 2011-12-16 13163
9 GRE Tunnel /VPN admin 2011-12-16 13453
8 VLAN과 TRUNK admin 2011-12-16 12824
7 와룡의 네트워크 카페에서 라우팅 ,스위칭공부 admin 2011-12-16 13591
6 방화벽 자료 admin 2011-12-16 13370
5 Subnet Mask Cheat Sheet admin 2011-12-16 13308
4 서브넷마스크 와일드마스크 계산기 file admin 2011-12-16 88339
3 KT 보안관제센터 직원들이 네트워크 감시 근무자 모니터 화면 admin 2011-12-16 16429
2 Juniper Training Courses admin 2011-12-16 15573
1 기간망의 네트워크 운용실의 대형 라우터장비 예 admin 2011-12-16 12783