At 9:43 AM -0600 9/5/97, David Papp wrote:
What are the implications of turning off "ip directed broadcasts" on our routers? Or is this something that all backbone providers or ISPs automatically do (kind of like "ip classless" and "ip subnet-zero")?
This was covered in some detail about a month ago, so you could check the list's archives.

The operational implications of turning off "ip directed broadcasts" seem negligible--there are very few circumstances in which you *need* to send packets to the broadcast address on another network. I would hope that this becomes "automatic" like the other commands you mention. I can think of very few circumstances in which you need directed broadcasts, yet by permitting them, you allow your network to be used in attacks against others.

We're also using the following extended access list (along with anti-spoofing filters) to prevent smurf attacks from originating from our network:

access-list XXX deny ip any 0.0.0.255 255.255.255.0

But that's just us...

Jordyn

|----------------------------------------------------------------|
|Jordyn A. Buchanan            mailto:jordyn@bestweb.net         |
|Bestweb Corporation           http://www.bestweb.net            |
|Senior System Administrator   +1.914.271.4500                   |
|----------------------------------------------------------------|
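The destination match in the access list quoted above, worked through as an added example (not part of the original message): Cisco wildcard masks ignore the bits set to 1, so the entry matches any destination whose last octet is 255, and the code compares that verdict with each address's real role on its subnet. The subnets and addresses are constructed samples from documentation and private ranges, and the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def acl_denies(dst):
    """Destination half of: deny ip any 0.0.0.255 255.255.255.0"""
    return wildcard_match(dst, "0.0.0.255", "255.255.255.0")

def classify(dst, subnet):
    """Compare the filter's verdict with what dst really is on its subnet."""
    net = ipaddress.IPv4Network(subnet)
    ip = ipaddress.IPv4Address(dst)
    if ip not in net:
        raise ValueError(f"{dst} is not inside {subnet}")
    is_broadcast = ip == net.broadcast_address
    if acl_denies(dst):
        return "denied: directed broadcast" if is_broadcast else "denied: ordinary host"
    return "permitted: directed broadcast" if is_broadcast else "permitted: ordinary host"

# Constructed sample destinations (assumed subnet layouts, not from the message)
SAMPLES = [
    ("192.0.2.255", "192.0.2.0/24"),      # /24 broadcast: the case the ACL targets
    ("192.0.2.10", "192.0.2.0/24"),       # normal host traffic
    ("192.0.2.127", "192.0.2.0/25"),      # /25 broadcast does not end in .255
    ("198.51.100.63", "198.51.100.0/26"), # /26 broadcast does not end in .255
    ("10.0.0.255", "10.0.0.0/23"),        # valid host address inside a /23
    ("10.0.1.255", "10.0.0.0/23"),        # the /23's actual broadcast
]

def report():
    return [(dst, subnet, classify(dst, subnet)) for dst, subnet in SAMPLES]

if __name__ == "__main__":
    for dst, subnet, verdict in report():
        print(f"{dst:<15} in {subnet:<18} {verdict}")
```

The filter is exact only for subnets whose broadcast address ends in .255; the router-side "ip directed broadcasts" setting discussed in the message works from each interface's real mask.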