According to Ian Miller
> I recently noticed an NFS client program doing a global UDP broadcast (i.e.
> broadcasting to 255.255.255.255) to port 111. I saw it because our
> firewall logged it when it blocked the packet. However, it made me wonder
> how far it would have got if the firewall hadn't stopped it. (It had a TTL
> of 60 so it was not self limiting.) Do back-bone and ISP routers block such
> global traffic? If not, why aren't we swamped by it?
> Whatever your ISP does it struck as a classic example of where the firewall
> should protecting the Internet from the private network.
broadcasts should NOT be routed !!! However it is possible to configure
some routers to pass specific broadcasts (such as bootp requests). This
should generally only be done if absolutely necessary as it can add a
heavy processing load on the router.
Regards
Steve
--
home steve @
gbnet .
org * Flat 2, 43 Howitt Road, Belsize Pk, London NW3 4LU
work steve @
demon .
net * tel +44-(0)171 483 1169 FAX +44-(0)181 444 6103
www http://www.gbnet.net/ *
bits steve @
gbnet .
net * Orange mobile +44-(0)973 600050
Euro firewall info - send mail to majordomo @
gbnet .
net (subscribe firewalls-uk)
|
|
