INTERNET-DRAFT                                                 D. Senie
Category: Informational                          Amaranth Networks Inc.
Updates: RFC 1812                                          January 1999
Expires in six months

        Changing the Default for Directed Broadcasts in Routers

Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

Copyright Notice

   Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Introduction

   Router Requirements [1] specifies that routers must receive directed
   broadcasts, though a router may contain configuration settings to
   disable this feature. While directed broadcasts have uses, their use
   on the Internet backbone appears to consist entirely of malicious
   attacks on other networks.

   Changing the required default for routers would help ensure new
   routers connected to the Internet do not add to the problems already
   present.

2. Discussion

   Damaging denial of service attacks led to the writing of [3] on
   Ingress Filtering. Many network providers and corporate networks
   have endorsed the use of these methods to ensure their networks are
   not the source of such attacks.
Internet-Draft    Default Change for Directed Broadcast    October 1998

   A recent trend in Smurf Attacks [2] is to target networks which
   permit directed broadcasts from outside their networks. By
   permitting directed broadcasts, these systems become "Smurf
   Amplifiers."

   While the continued implementation of ingress filters remains the
   best way to limit these attacks, restricting directed broadcasts
   should also receive priority.

3. Recommendation

   Router Requirements [1] is updated as follows. Routers MUST NOT
   process packets which are addressed to directed broadcast addresses.
   Routers MAY provide a configuration option to enable the processing
   of directed broadcasts for those situations and applications where
   this is required.

   Network service providers and corporate network operators are urged
   to ensure their networks are not susceptible to directed broadcast
   packets originating outside their networks.

4. Security Considerations

   The goal of this document is to reduce the efficacy of certain types
   of denial of service attacks.

5. References

   [1] F. Baker, "Requirements for IP Version 4 Routers", RFC 1812,
       June 1995.

   [2] See the pages by Craig Huegen at:
       http://www.quadrunner.com/~chuegen/smurf.txt.

   [3] P. Ferguson, D. Senie, "Ingress Filtering", RFC 2267,
       January 1998.

6. Author's Address

   Daniel Senie
   Amaranth Networks Inc.
   324 Still River Road
   Bolton, MA 01740

   Phone: (978) 779-6813
   EMail: dts@senie.com
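The default recommended in section 3, sketched as an added example (it is not part of the draft and not any router's code): a per-interface option that is off unless an operator enables it, plus an audit of which interfaces could still act as the "Smurf Amplifiers" of section 2. The names Interface, decide and amplifier_exposure and the sample topology are assumptions made for illustration; the model only recognizes broadcast addresses of directly connected subnets, since those are the only masks the router knows.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    name: str                          # constructed interface name
    network: ipaddress.IPv4Network     # directly connected subnet
    directed_broadcast: bool = False   # section 3 default: off (MAY be enabled)


def match_directed_broadcast(dst, interfaces):
    """Return the connected interface whose subnet broadcast address is dst."""
    dst = ipaddress.IPv4Address(dst)
    for ifc in interfaces:
        # /31 and /32 prefixes have no broadcast address; the ipaddress module
        # still reports one, so skip them explicitly.
        if ifc.network.prefixlen >= 31:
            continue
        if dst == ifc.network.broadcast_address:
            return ifc
    return None


def decide(dst, interfaces):
    """Classify a packet arriving for forwarding: unicast, drop or broadcast."""
    ifc = match_directed_broadcast(dst, interfaces)
    if ifc is None:
        return "unicast"               # not a directed broadcast we can recognize
    return "broadcast" if ifc.directed_broadcast else "drop"


def amplifier_exposure(interfaces):
    """Map each interface with the option enabled to its usable host count."""
    return {i.name: i.network.num_addresses - 2
            for i in interfaces
            if i.directed_broadcast and i.network.prefixlen < 31}


# Constructed sample topology using documentation address ranges.
ROUTER = [
    Interface("lan0", ipaddress.IPv4Network("192.0.2.0/25")),
    Interface("lan1", ipaddress.IPv4Network("198.51.100.0/24"),
              directed_broadcast=True),
    Interface("p2p0", ipaddress.IPv4Network("203.0.113.0/31")),
]

if __name__ == "__main__":
    for dst in ("192.0.2.127", "192.0.2.10", "198.51.100.255", "203.0.113.1"):
        print(dst, decide(dst, ROUTER))
    print("interfaces still able to amplify:", amplifier_exposure(ROUTER))
```

The host count per enabled interface is an upper bound on how many replies a single directed broadcast could trigger on that subnet, which makes it a useful ordering for deciding where to disable the option first.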