[12151] in North American Network Operators' Group

Re: smurf's attack...

daemon@ATHENA.MIT.EDU (Wayne Bouchard)
Fri Sep 5 23:03:34 1997

From: Wayne Bouchard <web@typo.org>
To: phil@charon.milepost.com (Phil Howard)
Date: Fri, 5 Sep 1997 19:52:40 -0700 (MST)
Cc: randy@psg.com, nanog@merit.edu
In-Reply-To: <199709052112.QAA07385@charon.milepost.com> from "Phil Howard" at Sep 5, 97 04:12:16 pm

> Randy Bush writes...
> 
> > > access-list XXX deny ip any 0.0.0.255 255.255.255.0
> > 
> > You must be kidding.  Why not
> > 
> > access-list XXX deny ip any 0.0.0.42 255.255.255.0
> 
> I like...
> 
> access-list XXX deny ip any 0.0.0.1 255.255.255.254

Okay... trying to access 10.10.10.1.. Oops..

The first example is okay if it's "deny icmp" instead of "deny
ip". That still allows traffic to reach those hosts, just doesn't let
ICMP through.

Although 255 is a valid IP address, its use is, in my view,
limited. Denying ICMP packets to those hosts may be considered an
acceptable sacrifice by many.

----------------------------------------------------------------------
Wayne Bouchard                             GlobalCenter
web@primenet.com                           
Primenet Network Engineering               Internet Solutions for
(602) 416-6422   800-373-2499 x6422        Growing Businesses
FAX: (602) 416-9422
http://www.primenet.com                    http://www.globalcenter.net
----------------------------------------------------------------------
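
Added example, not part of the original message or thread: a small Python evaluator for the Cisco-style wildcard matching used in the three quoted ACL lines (a 1 bit in the wildcard means "ignore this bit"), showing which destinations each pattern denies. The sample addresses other than 10.10.10.1, the /23 and /25 prefixes, and the function names are assumptions constructed for illustration.

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style ACL match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Destination patterns from the three ACL lines quoted in the thread.
ACL_DESTS = {
    "ends-in-255": ("0.0.0.255", "255.255.255.0"),
    "ends-in-42": ("0.0.0.42", "255.255.255.0"),
    "low-bit-set": ("0.0.0.1", "255.255.255.254"),
}

# Constructed sample destinations (only 10.10.10.1 appears in the thread).
SAMPLES = ["10.10.10.1", "10.10.10.2", "10.10.10.42",
           "10.10.10.255", "10.10.10.127", "10.10.0.255"]

def denied_by(name: str) -> list:
    """Return the sample destinations that the named pattern would deny."""
    base, wildcard = ACL_DESTS[name]
    return [s for s in SAMPLES if wildcard_match(s, base, wildcard)]

def role_in(addr: str, network: str) -> str:
    """Classify addr within a prefix: host, broadcast, network or outside."""
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return "outside"
    if ip == net.broadcast_address:
        return "broadcast"
    if ip == net.network_address:
        return "network"
    return "host"

if __name__ == "__main__":
    for name in ACL_DESTS:
        print(name, "denies", denied_by(name))
    # A last octet of 255 is an ordinary host address inside a /23 ...
    print("10.10.0.255 in 10.10.0.0/23:", role_in("10.10.0.255", "10.10.0.0/23"))
    # ... and the directed broadcast of a /25 does not end in 255 at all.
    print("10.10.10.127 in 10.10.10.0/25:", role_in("10.10.10.127", "10.10.10.0/25"))
```

The third pattern matches every address whose low bit is 1, which is why 10.10.10.1 is caught; the first pattern both catches a valid /23 host and misses the /25 broadcast address.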