16-19
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
Chapter16 Security Audit
Fix It Page
The configuration that will be delivered to the router to disable proxy ARP is as
follows:
no ip proxy-arp
This fix can be undone. To learn how, click Undoing Security Audit Fixes.
Disable IP Directed Broadcast
Security Audit disables IP directed broadcasts whenever possible. An IP directed
broadcast is a datagram which is sent to the broadcast address of a subnet to which
the sending machine is not directly attached. The dir ected broadcast is routed
through the network as a unicast packet until it arrives at the target subnet, where
it is converted into a link-layer broadcast. Because of the nature of the IP
addressing architecture, only the last router in the chain, the one that is connected
directly to the target subnet, can conclusively identify a directed broadcast.
Directed broadcasts are occasionally used for legitimate purposes, but such use is
not common outside the financial services industry.
IP directed broadcasts are used in the extremely common and popular smurf
Denial-of-Service attack, and they can also be used in related attacks. In a smurf
attack, the attacker sends ICMP echo requests from a falsified source address to a
directed broadcast address, causing all the hosts on the target subnet to send
replies to the falsified source. By sending a continuous stream of such re quests,
the attacker can create a much larger stream of replies, which can completely
inundate the host whose address is being falsified.
Disabling IP directed broadcasts causes directed broadcasts that would ot herwise
be exploded into link-layer broadcasts at that interface to be dropped instead.
The configuration that will be delivered to the router to disable IP directed
broadcasts is as follows:
no ip directed-broadcast
This fix can be undone. To learn how, click Undoing Security Audit Fixes.