Broadcast Traffic - Security

Security

Stations that should not announce their service states should disable broadcasting. While setting the broadcast addresses to the same ip address of the station works, it's not a best practice. This will disable that station from learning of other broadcast traffic in the network. If the service in question alone provides too much information, you should consider disabling or removing it.

Some Denial of service attacks use broadcast amplification to elicit replies from a broadcast address to a spoofed victim. Routers should use ACLs or filtering to drop unwanted external to local broadcast traffic. This will prevent local stations from replying. Many Operating Systems have additional configuration to enable/disable broadcast replies.

Linux via procfs
$ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Read more about this topic:  Broadcast Traffic

Famous quotes containing the word security:

    If we could have any security against moods! If the profoundest prophet could be holden to his words, and the hearer who is ready to sell all and join the crusade, could have any certificate that to-morrow his prophet shall not unsay his testimony!
    Ralph Waldo Emerson (1803–1882)

    It is hard for those who have never known persecution,
    And who have never known a Christian,
    To believe these tales of Christian persecution.
    It is hard for those who live near a Bank
    To doubt the security of their money.
    —T.S. (Thomas Stearns)

    A well-regulated militia being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
    U.S. Constitution, Second Amendment.