Broadcast Traffic - Security

Security

Stations that should not announce their service states should disable broadcasting. While setting the broadcast addresses to the same ip address of the station works, it's not a best practice. This will disable that station from learning of other broadcast traffic in the network. If the service in question alone provides too much information, you should consider disabling or removing it.

Some Denial of service attacks use broadcast amplification to elicit replies from a broadcast address to a spoofed victim. Routers should use ACLs or filtering to drop unwanted external to local broadcast traffic. This will prevent local stations from replying. Many Operating Systems have additional configuration to enable/disable broadcast replies.

Linux via procfs
$ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Read more about this topic:  Broadcast Traffic

Famous quotes containing the word security:

    The contention that a standing army and navy is the best security of peace is about as logical as the claim that the most peaceful citizen is he who goes about heavily armed. The experience of every-day life fully proves that the armed individual is invariably anxious to try his strength. The same is historically true of governments. Really peaceful countries do not waste life and energy in war preparations, with the result that peace is maintained.
    Emma Goldman (1869–1940)

    When kindness has left people, even for a few moments, we become afraid of them as if their reason had left them. When it has left a place where we have always found it, it is like shipwreck; we drop from security into something malevolent and bottomless.
    Willa Cather (1876–1947)

    We now in the United States have more security guards for the rich than we have police services for the poor districts. If you’re looking for personal security, far better to move to the suburbs than to pay taxes in New York.
    John Kenneth Galbraith (b. 1908)