OL-11615-01
Directed Broadcast
An IP directed broadcast packet is an IP packet whose destination address is a valid broadcast address
for an IP subnet. When a directed broadcast packet reaches a router that is directly connected to its
destination subnet, and if the router is configured to do so, that packet is “exploded” as a broadcast on
the destination subnet. By default, earlier releases of Cisco IOS software handle directed broadcasts this
way. However, because directed broadcasts have been used for attacks, such as the SMURF attack, the
default behavior has been changed to drop directed broadcasts since Cisco IOS software Release 11.2.
If forwarding of directed broadcasts has been enabled, or if the router runs a Cisco IOS software
release prior to Cisco IOS software Release 11.2, it is recommended that you disable this feature on
all interfaces using the no ip directed-broadcast interface configuration command, as shown in the
following example:
Router(config-if)# no ip directed-broadcast
For more information about the ip directed-broadcast command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipras_r/ip1_i1g.htm#wp1081245
Finger Protocol
Finger, as defined in RFC 742, is a protocol that can be used to obtain information about users logged
into a remote host or network device. Cisco IOS software incorporates a finger service, which in Cisco
IOS software releases prior to 12.1(5) and 12.1(5)T was turned on by default. Although the finger service
does not reveal any extremely sensitive information, it can be used by a potential attacker to gather
information. Therefore it is recommended that you disable this service.
In older releases of Cisco IOS software where the finger service was enabled by default, it can be
disabled using the no service finger global configuration command, as shown in the following example:
Router(config)# no service finger
Starting in Cisco IOS software 12.1(5) and 12.1(5)T, the finger service is disabled by default. If finger
has been enabled and the service is not needed, it can be disabled using the no ip finger global
configuration command, as shown in the following example:
Router(config)# no ip finger
For more information on the finger service, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/fun_r/cfr_1g03.htm#wp1033299
IP BOOTP Server
As defined by RFC 951, the Bootstrap protocol allows a diskless workstation to configure itself at boot
time by dynamically obtaining an IP address, the IP address of the BOOTP server, and a configuration
file. Cisco IOS software implements a bootstrap service that allows a router to act as a BOOTP server
providing dynamic configuration services to other Cisco IOS software routers. This service is turned on
by default and it is used by features like AutoInstall, which simplifies or automates the configuration of
Cisco devices. If not needed, this service should be disabled using the no ip bootp server global
configuration command, as shown in the following example:
Router(config)# no ip bootp server
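The three recommendations above (directed broadcast, finger, BOOTP server) can be checked against a saved configuration. The following Python audit is an added example, not Cisco's code; it assumes the saved configuration omits commands left at their default value, and the function names and the defaults_on parameter are hypothetical, used to tell the script which services the release enables by default.

```python
import re

# Constructed sample running-config, for illustration only (not from the page).
SAMPLE_CONFIG = """\
ip finger
interface FastEthernet0/0
 ip directed-broadcast
interface FastEthernet0/1
 no ip directed-broadcast
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
"""

def parse(config):
    """Split a config into global commands and per-interface sub-commands."""
    glob, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"interface\s+(\S+)", raw)
        if m:                                   # start of an interface block
            cur = ifaces.setdefault(m.group(1), [])
        elif not raw[0].isspace():              # any other column-0 line is global
            cur = None
            glob.append(line)
        elif cur is not None:                   # indented line under an interface
            cur.append(line)
    return glob, ifaces

def enabled(cmds, names, default_on):
    """An explicit 'no <cmd>' or '<cmd> [args]' wins; otherwise use the default."""
    for c in cmds:
        for n in names:
            if c == "no " + n:
                return False
            if c == n or c.startswith(n + " "):
                return True
    return default_on

def audit(config, defaults_on=frozenset({"bootp"})):
    """Return (scope, service) pairs for services that are still enabled."""
    glob, ifaces = parse(config)
    checks = [("global", glob, ["ip finger", "service finger"], "finger"),
              ("global", glob, ["ip bootp server"], "bootp")]
    checks += [(n, c, ["ip directed-broadcast"], "directed-broadcast")
               for n, c in ifaces.items()]
    return [(scope, feat) for scope, cmds, names, feat in checks
            if enabled(cmds, names, feat in defaults_on)]
```

For a release where finger and directed-broadcast forwarding are on by default, pass defaults_on=frozenset({"bootp", "finger", "directed-broadcast"}) so that interfaces with no explicit no ip directed-broadcast line are reported as well.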
For more information about the BOOTP server service, refer to the following URL: