Causes
Most commonly the cause is a switching loop in the Ethernet wiring topology (i.e. two or more paths exist between end stations). As broadcasts and multicasts are forwarded by switches out every port, the switch or switches will repeatedly rebroadcast broadcast messages and flood the network.
In some cases, a broadcast storm can be instigated for the purpose of a denial of service (DOS) using one of the packet amplification attacks, such as the smurf attack or fraggle attack, where smurf sends a large amount of ICMP Echo Requests (ping) traffic to a broadcast address, with each ICMP Echo packet containing the spoof source address of the victim host. When the spoofed packet arrives at the destination network, all hosts on the network reply to the spoofed address. The initial Echo Request is multiplied by the number of hosts on the network. This generates a storm of replies to the victim host tying up network bandwidth, using up CPU resources or possibly crashing the victim.
In wireless networks a disassociation packet spoofed with the source to that of the wireless access point and sent to the broadcast address can generate a disassociation broadcast DOS attack.
Read more about this topic: Broadcast Radiation