Information
IP Directed Broadcast is a feature that lets remote administration tasks such as backups and wake-on-LAN (WOL) reach hosts and servers on a different subnet: a packet addressed to the broadcast address of a remote subnet is routed as unicast until it reaches the last-hop router, which then forwards it as a Layer 2 broadcast onto that subnet. IP Directed Broadcast is supported on ROP, SVI and L3 LAG interfaces and is disabled by default. Keeping IP directed broadcast disabled on unused interfaces of AOS-CX switches prevents the switch from converting directed broadcast packets into Layer 2 broadcasts on the destination subnet, so such traffic is dropped rather than propagated further into the network.
IP directed broadcasts have been exploited in amplification attacks, most notably Smurf attacks, in which ICMP echo requests with a spoofed source address are sent to a subnet's broadcast address so that every host on the segment replies to the victim, flooding the network and disrupting operations. By disabling this feature on unused interfaces, network administrators remove the switch as a broadcast amplifier for those subnets. It also prevents unnecessary broadcast traffic from consuming resources on unused subnets.
Solution
IP directed broadcast is disabled by default on all interfaces. If it has been enabled by mistake, disable it again from the interface context of the affected interface (the prompt suffix varies with the interface type):
switch(config)# interface <ID>
switch(config-if)# no ip directed-broadcast
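Because the feature is off by default, the practical audit question is "which interfaces have someone explicitly turned it on?". The following script is an added example (not part of the original page and not an HPE Aruba tool): it parses a saved `show running-config` dump, reports every interface stanza containing `ip directed-broadcast`, and emits the remediation commands from the Solution above. The stanza layout (an unindented `interface ...` header followed by indented lines) matches how AOS-CX prints its running configuration; the sample configuration embedded below is constructed for illustration.

```python
"""Audit an AOS-CX running-config for interfaces with IP directed broadcast enabled."""
import re
from typing import Dict, List

# Constructed sample running-config (not captured from a real switch).
# The layout follows the AOS-CX style: an unindented stanza header, then
# 4-space indented lines belonging to that stanza.
SAMPLE_RUNNING_CONFIG = """\
hostname core-sw1
interface 1/1/1
    no shutdown
    description uplink
    ip address 10.0.1.1/24
    ip directed-broadcast
interface 1/1/2
    no shutdown
    ip address 10.0.2.1/24
interface lag 1
    no shutdown
    ip address 10.0.3.1/24
    ip directed-broadcast
interface vlan 10
    ip address 10.0.10.1/24
    no ip directed-broadcast
interface vlan 20
    ip address 10.0.20.1/24
"""

STANZA_RE = re.compile(r"^interface (\S.*)$")
# "no ip directed-broadcast" does not match this pattern because the
# indentation is followed by "no", not "ip".
ENABLE_RE = re.compile(r"^\s+ip directed-broadcast\s*$")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split the config into interface stanzas: interface name -> indented body lines."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if not line.strip():
            continue
        match = STANZA_RE.match(line)
        if match:
            current = match.group(1).strip()
            stanzas[current] = []
        elif line[0] in " \t" and current is not None:
            stanzas[current].append(line)
        else:
            # Any other unindented line (hostname, vlan, router ...) ends the stanza.
            current = None
    return stanzas


def directed_broadcast_enabled(config: str) -> List[str]:
    """Return the interfaces whose stanza explicitly enables IP directed broadcast.

    Only an explicit 'ip directed-broadcast' line is a finding: the feature is
    disabled by default, so interfaces without the line are already compliant.
    """
    return [
        name
        for name, body in parse_interfaces(config).items()
        if any(ENABLE_RE.match(line) for line in body)
    ]


def remediation_commands(interfaces: List[str]) -> List[str]:
    """Build the CLI lines (pasted under 'configure terminal') that disable the feature."""
    commands: List[str] = []
    for name in interfaces:
        commands += [f"interface {name}", "    no ip directed-broadcast", "exit"]
    return commands


if __name__ == "__main__":
    hits = directed_broadcast_enabled(SAMPLE_RUNNING_CONFIG)
    if not hits:
        print("compliant: no interface enables ip directed-broadcast")
    else:
        print("non-compliant interfaces:", ", ".join(hits))
        print("\n".join(remediation_commands(hits)))
```

Feed the script the text of `show running-config` (or a saved checkpoint) instead of the embedded sample to audit a real switch; for the sample it flags `1/1/1` and `lag 1`, while `vlan 10` is left alone because its stanza only carries the `no` form.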
Impact:
Disabling IP directed broadcast on unused interfaces enhances network security by mitigating potential DoS amplification attacks. It reduces unnecessary processing and bandwidth usage caused by broadcast traffic on inactive interfaces. This configuration helps maintain network stability, improves overall performance, and minimizes attack surfaces by reducing the exposure of unused interfaces to malicious activity.