Prevention Techniques
How to prevent being a “bounce site”:
- Turn off directed broadcasts to subnets with 5 hosts or more
  - Cisco: Interface command “no ip directed-broadcast”
  - Proteon: IP protocol configuration “disable directed-broadcast”
  - Bay Networks: Set a false static ARP address for bcast address
- Use access control lists (if necessary) to prevent ICMP echo requests from entering your network
  - Probably not an elegant solution; makes troubleshooting difficult
- Encourage vendors to turn off replies for ICMP echos to broadcast addresses
  - Host Requirements RFC-1122 Section 3.2.2.6 states “An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded.”
  - Patches are available for free UNIX-ish operating systems.
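
An added example, not part of the original slides: a Python audit of an IOS-style configuration that lists interfaces still forwarding directed broadcasts on subnets with 5 hosts or more. The sample configuration is constructed, the function name is hypothetical, and `default_enabled` is an assumption about the platform default (set it to `False` where directed broadcast is off unless configured).

```python
import ipaddress
import re

# Constructed sample configuration (IOS-style), not taken from a real device.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
!
interface Ethernet2
 ip address 203.0.113.65 255.255.255.248
 ip directed-broadcast
!
"""
MIN_HOSTS = 5  # threshold from the slide: subnets with 5 hosts or more


def audit_directed_broadcast(config, default_enabled=True):
    """Return [(interface, subnet, usable_hosts)] for interfaces that forward
    directed broadcasts on subnets of MIN_HOSTS hosts or more.
    default_enabled (assumption): state when no explicit command is present."""
    findings = []
    # Split the text so that each piece starts at an "interface" line.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        header = re.match(r"interface (\S+)", stanza)
        if not header:
            continue
        body = stanza.split("\n!", 1)[0]  # stop at the end of this stanza
        enabled = default_enabled
        if re.search(r"(?m)^\s+no ip directed-broadcast\b", body):
            enabled = False
        elif re.search(r"(?m)^\s+ip directed-broadcast\b", body):
            enabled = True
        for addr, mask in re.findall(r"(?m)^\s+ip address (\S+) (\S+)", body):
            net = ipaddress.ip_interface(f"{addr}/{mask}").network
            hosts = max(net.num_addresses - 2, 0)  # minus network and broadcast
            if enabled and hosts >= MIN_HOSTS:
                findings.append((header.group(1), str(net), hosts))
    return findings


if __name__ == "__main__":
    for name, subnet, hosts in audit_directed_broadcast(SAMPLE_CONFIG):
        print(f"{name}: directed broadcast enabled on {subnet} ({hosts} hosts)")
```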