Broadcast Traffic - Security

Security

Stations that should not announce their service states should disable broadcasting. While setting the broadcast addresses to the same ip address of the station works, it's not a best practice. This will disable that station from learning of other broadcast traffic in the network. If the service in question alone provides too much information, you should consider disabling or removing it.

Some Denial of service attacks use broadcast amplification to elicit replies from a broadcast address to a spoofed victim. Routers should use ACLs or filtering to drop unwanted external to local broadcast traffic. This will prevent local stations from replying. Many Operating Systems have additional configuration to enable/disable broadcast replies.

Linux via procfs
$ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Read more about this topic:  Broadcast Traffic

Famous quotes containing the word security:

    The reins of government have been so long slackened, that I fear the people will not quietly submit to those restraints which are necessary for the peace and security of the community.
    Abigail Adams (1744–1818)

    Happiness is peace after strife, the overcoming of difficulties, the feeling of security and well-being. The only really happy folk are married women and single men.
    —H.L. (Henry Lewis)

    Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.
    James Madison (1751–1836)