[12136] in North American Network Operators' Group
Re: smurf's attack...
daemon@ATHENA.MIT.EDU (DAVE NORDLUND)
Fri Sep 5 16:55:22 1997
Date: Fri, 5 Sep 1997 15:41:00 CST-600
From: DAVE NORDLUND <nordlund@ccstaff.cc.ukans.edu>
In-reply-to: <199709052004.OAA15608@shell.aros.net>
To: nanog@merit.edu
Reply-to: d-nordlund@ukans.edu
> Date: Fri, 05 Sep 1997 14:04:17 -0600
> From: "Michael K. Sanders" <msanders@aros.net>
> Subject: Re: smurf's attack...
> To: Jon Green <jcgreen@netins.net>
> Cc: "Jordyn A. Buchanan" <jordyn@bestweb.net>, nanog@merit.edu
> In message <199709051945.OAA26522@worf.netins.net>, Jon Green writes:
> >On Fri, 5 Sep 1997 15:24:58 -0400, jordyn@bestweb.net writes:
> >
> >>access-list XXX deny ip any 0.0.0.255 255.255.255.0
> >
> >Folks, this is a bad idea. There are lots of completely valid IP
> >addresses out there that end in .255. True, most of them that
> >end in .255 ARE broadcast addresses, but if people implement this
> >kind of filtering on a large scale, it really breaks classless IP.
>
> Likewise, not all broadcast adresses necessarily end with .255,
> so filtering .255 won't help anyway in the presence of something
> like a /25 with a X.X.X.127 broadcast.
Agreed but it is not easy for a hacker to determine CIDR masks. It
is my impression that the only thing being sent is classfull broadcasts.
>
>
>
>
Dave Nordlund d-nordlund@ukans.edu
University of Kansas 913/864-0450
Computing Services FAX 913/864-0485
Lawrence, KS 66045 KANREN
