Hello,
i am wondering if it would be a security risk to generally allow ALL
limited broadcasts (255.255.255.255)?!
We have a heterogenous network with Linux (Firewalls, Mail/Proxy/Time/
etc-server), WinNT/W2k Clients & Servers and one AS/400 as server.
Now there is our internal firewall between the LANs and the DMZ.
At the moment i am blocking limited broadcasts, which breaks the
functionality of some windows stuff (SQL-Server, NetBIOS, SMB, ...).
So i allow this traffic "manually" with adding according rules to the
internal firewall.
Why am i blocking the limited broadcast? Because i was sniffing around
and found several "example scripts" which do this. The question is
if this is REALLY necessary and if someone could exploit a not blocked,
limited broadcast?
Just yesterday we connected a printer to our LAN, and now it is sending
limited broadcasts to UDP port 123?!? (it want's to know the time?? :))
However, it's kind of annoying to see those entries in the logfile now
every five minutes.. sure i could allow/drop this without logging,
but the question is - again :) - can't i just allow ALL limited broad-
casts on the internal firewall?
regards, Chris
