[12145] in North American Network Operators' Group
Re: smurf's attack...
daemon@ATHENA.MIT.EDU (Michael K. Sanders)
Fri Sep 5 18:09:58 1997
To: d-nordlund@ukans.edu
cc: nanog@merit.edu
In-reply-to: Your message of "Fri, 05 Sep 1997 15:41:00 CST."
<F8F9425FD8@ccstaff.cc.ukans.edu>
Date: Fri, 05 Sep 1997 15:56:33 -0600
From: "Michael K. Sanders" <msanders@aros.net>
In message <F8F9425FD8@ccstaff.cc.ukans.edu>, DAVE NORDLUND writes:
>> Likewise, not all broadcast adresses necessarily end with .255,
>> so filtering .255 won't help anyway in the presence of something
>> like a /25 with a X.X.X.127 broadcast.
>
>Agreed but it is not easy for a hacker to determine CIDR masks. It
I'm sorry, but that's naive. Unless you've taken steps to prevent
it, or you're just lucky, it's trivial to find out a lot of
things. Your mail server, for example, has a mask of 0xFFFFFF00.
Another network at ukans.edu apparently has a mask of 0xFFFFFC00,
and another is 0xFFFFF800.
:: Mike ::
