By default, IP directed broadcast is disabled.
When to Enable IP Directed Broadcast
IP directed broadcast is disabled by default. Enable IP directed broadcast when you want
to perform remote management or administration services such as backups or WOL
tasks on hosts in a subnet that does not have a direct connection to the Internet.
Enabling IP directed broadcast on a subnet affects only the hosts within that subnet.
Only packets received on the subnet’s Layer 3 interface that have the subnet’s broadcast
IP address as the destination address are flooded on the subnet.
When Not to Enable IP Directed Broadcast
Typically, you do not enable IP directed broadcast on subnets that have direct connections
to the Internet. Disabling IP directed broadcast on a subnet’s Layer 3 interface affects
only that subnet. If you disable IP directed broadcast on a subnet and a packet that has
the broadcast IP address of that subnet arrives at the switch, the switch drops the
broadcast packet.
If a subnet has a direct connection to the Internet, enabling IP directed broadcast on it
increases the network’s susceptibility to denial-of-service (DoS) attacks.
For example, a malicious attacker can spoof a source IP address (use a source IP address
that is not the actual source of the transmission to deceive a network into identifying the
attacker as a legitimate source) and send IP directed broadcasts containing Internet
Control Message Protocol (ICMP) echo (ping) packets. When the hosts on the network
with IP directed broadcast enabled receive the ICMP echo packets, they all send replies
to the victim that has the spoofed source IP address. This creates a flood of ping replies
in a DoS attack that can overwhelm the spoofed source address; this is known as a smurf
attack. Another common DoS attack on exposed networks with IP directed broadcast
enabled is a fraggle attack, which is similar to a smurf attack except that the malicious
packet is a User Datagram Protocol (UDP) echo packet instead of an ICMP echo packet.
Related
Documentation
Example: Configuring IP Directed Broadcast on an EX Series Switch•
• Configuring IP Directed Broadcast (CLI Procedure)
• Configuring IP Directed Broadcast (CLI Procedure) on page 100
Understanding Interface Ranges on EX Series Switches
NOTE: This concept uses Junos OS for EX Series switches with support for
the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs
software that does not support ELS, see Understanding Interface Ranges on
EX Series Switches. For ELS details, see Getting Started with Enhanced Layer
2 Software.
You can use the interface ranges to group interfaces of the same type that share a
common configuration profile. This helps reduce the time and effort in configuring
Copyright © 2015, Juniper Networks, Inc.24
Network Interfaces for EX4300 Switches
To Next Page
Loading...
Need help?
General
Weight and Dimensions
