Disable IP directed broadcasts

Your router is obedient. It will do what it's told, no matter who's doing the telling. A Smurf attack is a version of a Denial of Service (DOS) attack in which an attacker sends an ICMP echo request to your network's broadcast address using a spoofed source address. This causes all the hosts to respond to the broadcast request, which will slow down your network, at the very least.

Consult your router's documentation for information on how to disable IP directed broadcasts. For instance, the command "Central(config)#no ip source-route" will disable IP directed broadcasts on Cisco routers.


Fortifying router security

  Introduction
 Step 1: Change the default password!
 Step 2: Disable IP directed broadcasts
 Step 3: Disable HTTP configuration for the router, if possible
 Step 4: Block ICMP ping requests
 Step 5: Disable IP source routing
 Step 6: Determine your packet filtering needs
 Step 7: Establish Ingress and Egress address filtering policies
 Step 8: Maintain physical security of the router
 Step 9: Take the time to review the security logs

About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.

This tip originally appeared on SearchNetworking.com.

This was first published in January 2007

Dig deeper on Computer Network Installation and Administration Projects

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close