Importance Of Directed Broadcasts
Do we know what problem we will face if we enable 'ip directed-broadcast' on an interface?
IP directed broadcasts are used in the common and popular smurf denial of service attack, and can also be used in related attacks.
An IP directed broadcast is a datagram which is sent to the broadcast address of a subnet to which the sending machine is not directly attached. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast. Because of the nature of the IP addressing architecture, only the last router in the chain, the one that is connected directly to the target subnet, can conclusively identify a directed broadcast. Directed broadcasts are occasionally used for legitimate purposes, but such use is not common outside the financial services industry.
In a smurf attack, the attacker sends ICMP echo requests from a falsified (spoofed) source address to a directed broadcast address. This causes all the hosts on the target subnet to send replies to the falsified source. By sending a continuous stream of such requests, the attacker can create a much larger stream of replies, amplified by the number of responding hosts. This can completely inundate the host whose address was falsified.
If a Cisco interface is configured with the no ip directed-broadcast command, directed broadcasts that would otherwise be exploded into link-layer broadcasts at that interface are dropped instead. This means that the no ip directed-broadcast command must be configured on every interface of every router that is connected to a potential target subnet; it is not sufficient to configure it only on firewall or border routers, because only the last-hop router can recognise the directed broadcast. The no ip directed-broadcast command is the default in Cisco IOS Software Release 12.0 and later. In earlier releases, the command should be applied explicitly to every LAN interface that is not known to forward legitimate directed broadcasts.
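Because the protection only works when every last-hop interface has it, a quick way to check is to audit the running-config rather than trust the default. The following is an added example (not from the original post or from Cisco): it parses an IOS-style configuration, resolves each interface's effective directed-broadcast setting, and lists the interfaces that would still forward directed broadcasts. The sample config is constructed; the `default_enabled` flag models the pre-12.0 default described above.

```python
import re

# Constructed sample running-config (not from the page): one interface
# explicitly enables directed broadcasts, one explicitly disables them,
# one says nothing, so the IOS release default decides.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
interface GigabitEthernet0/2
 ip address 203.0.113.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface_name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a top-level command ends the block
    return interfaces

def directed_broadcast_enabled(lines, default_enabled):
    """Effective setting: an explicit command wins, otherwise the release default.
    default_enabled=True models IOS releases before 12.0 (enabled by default)."""
    if "no ip directed-broadcast" in lines:
        return False
    if any(l.startswith("ip directed-broadcast") for l in lines):
        return True  # covers the plain form and the form with an ACL argument
    return default_enabled

def audit(config, default_enabled=False):
    """List interfaces that would still explode directed broadcasts onto the LAN."""
    return sorted(name for name, lines in parse_interfaces(config).items()
                  if directed_broadcast_enabled(lines, default_enabled))
```

Run `audit(SAMPLE_CONFIG, default_enabled=True)` to see how an unconfigured interface becomes a finding on a pre-12.0 release.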