Broadcast traffic
From Wikipedia, the free encyclopedia
Broadcast traffic, in computer networking, is traffic that is simultaneously addressed to all computers connected to the network, as opposed to unicast or multicast traffic. This is in contrast to the model SLP offers.
In TCP/IP networking (layer 3 on the OSI Model), the highest possible address in the IP network range is reserved as the broadcast address - for example in the network 192.168.0.0/24 (192.168.0.xxx with subnet mask 255.255.255.0) the broadcast address is 192.168.0.255.
In MAC addressing (layer 2 on the OSI model), the broadcast address is the MAC address FF:FF:FF:FF:FF:FF, otherwise known as the 'all F' address.
Packets (layer 3) or frames (layer 2) sent to the broadcast address will be sent to all nodes within the broadcast domain.
[edit] Proper Configuration
All stations should be on the same segment (or bridged), and should be listening on the same broadcast address to participate. Stations that have mismatched settings will have limited or no visibility of nearby services. Remote announcements must use that address (but are not neccessarly required to use it as its broadcast address).
[edit] Role
One of the primary purposes of the broadcast address, is for systems to share service and state information between them. Typical examples are visible with ruptime, SAMBA or Windows file and print sharing. Each station broadcasts its presence into the local network to announce its services.
[edit] Security
Stations that should not announce their service states should disable broadcasting. While setting the broadcast addresses to the same ip address of the station works, it's not a best practice. This will disable that station from learning of other broadcast traffic in the network. If the service in question alone provides too much information, you should consider disabling or removing it.
Some Denial of service attacks use broadcast amplification to illicit replies from a broadcast address to a spoofed victim. Routers should use ACLs or filtering to drop unwanted external to local broadcast traffic. This will prevent local stations from replying. Many Operating Systems have additional configuration to enable/disable broadcast replies.
- Linux via procfs
$ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts