[11493] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Jul 30 18:08:23 1997
Date: Wed, 30 Jul 1997 17:38:12 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
cc: nanog@merit.edu
In-Reply-To: <19970730164415.18302@scfn.thpl.lib.fl.us>
On Wed, 30 Jul 1997, Jay R. Ashworth wrote:
> .255 is _always_ a broadcast address, no?
What if you supernet multiple /24's into something larger (say a /21) for
an obnoxiously large flat network? You'd have multiple hosts with
x.y.z.255 addresses that were not broadcast addresses...no?
It probably only makes sense to filter broadcast targeted traffic coming
into your network, since you can only be sure what's a broadcast address
within your own net.
Somebody recently mentioned no ip directed-broadcast. That seems to stop
incoming packets for your broadcast address...so someone then can't use
your site as a ping amplifier to attack someone else by sending ping
packets to your broadcast address claiming a source address of the
intended victim. For similar reasons, I block udp chargen requests and
replies at our GNV border router.
------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
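The two points in the post, that only the owner of a prefix knows which x.y.z.255 addresses are really broadcast addresses once /24s are supernetted, and that the border filter should therefore drop inbound traffic aimed at your own broadcast addresses (plus UDP chargen either way), as an added example that is not part of the original message. The prefixes and packets are constructed; 10.8.0.0/21 and 192.0.2.0/24 stand in for a site's own networks.

```python
import ipaddress

# Constructed prefixes standing in for the site's own networks (not real FDT space).
OUR_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),  # plain /24: only 192.0.2.255 is broadcast
    ipaddress.ip_network("10.8.0.0/21"),   # supernetted /21: 10.8.0.0 - 10.8.7.255
]
CHARGEN_PORT = 19

def broadcast_addresses(nets):
    """Directed-broadcast address of each prefix we own. Inside the /21,
    10.8.0.255 .. 10.8.6.255 are ordinary host addresses; only 10.8.7.255 is broadcast."""
    return {n.broadcast_address for n in nets}

def is_own_broadcast(addr, nets=OUR_NETWORKS):
    return ipaddress.ip_address(addr) in broadcast_addresses(nets)

def border_verdict(pkt, nets=OUR_NETWORKS):
    """'drop' or 'pass' for an inbound packet, following the two filters in the
    post: nothing to our broadcast addresses (what `no ip directed-broadcast`
    achieves on the router) and no UDP chargen requests or replies.
    pkt is a dict with src, dst, proto and, for udp, sport/dport."""
    if is_own_broadcast(pkt["dst"], nets):
        return "drop"  # would otherwise be answered by every host on that LAN
    if pkt["proto"] == "udp" and CHARGEN_PORT in (pkt.get("sport"), pkt.get("dport")):
        return "drop"  # chargen request (dport 19) or reply (sport 19)
    return "pass"

# Constructed inbound packets as seen at the border router.
SAMPLE_PACKETS = [
    {"src": "203.0.113.9", "dst": "192.0.2.255", "proto": "icmp"},  # ping to our /24 broadcast
    {"src": "203.0.113.9", "dst": "10.8.0.255",  "proto": "icmp"},  # a host inside the /21, not broadcast
    {"src": "203.0.113.9", "dst": "10.8.7.255",  "proto": "icmp"},  # the real broadcast of the /21
    {"src": "203.0.113.9", "dst": "192.0.2.10",  "proto": "udp", "sport": 40000, "dport": 19},
    {"src": "203.0.113.9", "dst": "192.0.2.10",  "proto": "udp", "sport": 53, "dport": 53},
]

def run_filter(packets=SAMPLE_PACKETS):
    return [border_verdict(p) for p in packets]

if __name__ == "__main__":
    for p, v in zip(SAMPLE_PACKETS, run_filter()):
        print(f"{v:4}  {p['src']} -> {p['dst']} {p['proto']}")
```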