[16181] in North American Network Operators' Group

Re: SMURF amplifier block list

daemon@ATHENA.MIT.EDU (Charley Kline)
Tue Apr 14 14:54:50 1998

To: Karl Denninger <karl@mcs.net>
cc: nanog@merit.edu
In-Reply-To: Your mail of Tue, 14 Apr 1998 11:15:03 -0500 ,
	<19980414111503.06128@mcs.net> 
From: kline@uiuc.edu (Charley Kline)
Date: Tue, 14 Apr 1998 13:42:40 -0400

In message <19980414111503.06128@mcs.net>, you wrote:
> Not often.  Few people are actually supernetting within a given broadcast
> domain.  There's still an awful lot of hardware that doesn't work right in
> that environment.

But subnets of class B's may be larger than /24 and have host numbers of
.255 and .0 in them. That's true all over this campus.

It may be reasonable to filter x.x.x.255 addresses from class C's or
/24 blocks, but you cannot filter all addresses that end in .255 without
filtering out a number of completely legitimate hosts.


> The larger problem is that subnetted /24s still are wide open.  This kind of
> filter won't block anything from their broadcast addresses, since they're
> not the .255 address.

Indeed yes! There are also many subnets smaller than /24 where the
broadcast address does not end in .255 that would still be open for
smurfing even in the presence of this .255 filter.

The x.x.x.255 filter is an extremely bad idea.


/cvk
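The two objections in this thread (a .255/.0 filter drops legitimate hosts in supernets larger than /24, and misses the broadcast address of every subnet smaller than /24) can be checked mechanically. The script below is an added example, not part of the original post; it uses Python's standard `ipaddress` module and a constructed set of documentation prefixes to compare the naive last-octet filter against the real broadcast address of each prefix.

```python
import ipaddress

# Constructed sample prefixes, not taken from the original post: a classic /24,
# two subnets smaller than /24, and a /23 in which .0 and .255 are ordinary hosts.
SAMPLE_PREFIXES = [
    "192.0.2.0/24",
    "198.51.100.0/25",
    "198.51.100.128/26",
    "203.0.112.0/23",
]

# Last octets the naive filter under discussion would drop.
NAIVE_LAST_OCTETS = {0, 255}


def naive_last_octet_filter(addr):
    """The .0/.255 filter being debated: decide by the last octet alone."""
    return int(ipaddress.IPv4Address(str(addr))) & 0xFF in NAIVE_LAST_OCTETS


def broadcast_of(prefix):
    """The real directed-broadcast address of a CIDR prefix."""
    return ipaddress.IPv4Network(prefix, strict=False).broadcast_address


def evaluate_naive_filter(prefixes):
    """Compare the naive filter against real subnet boundaries.

    Returns (missed, false_positives):
      missed          - broadcast addresses the filter would let through
      false_positives - legitimate host addresses the filter would drop
    """
    missed = []
    false_positives = []
    for prefix in prefixes:
        net = ipaddress.IPv4Network(prefix, strict=False)
        bcast = net.broadcast_address
        if not naive_last_octet_filter(bcast):
            missed.append(str(bcast))
        # net.hosts() excludes the network and broadcast addresses of the prefix,
        # so anything it yields is a legitimate host address.
        for host in net.hosts():
            if naive_last_octet_filter(host):
                false_positives.append(str(host))
    return missed, false_positives


if __name__ == "__main__":
    missed, fps = evaluate_naive_filter(SAMPLE_PREFIXES)
    print("broadcast addresses missed by the .0/.255 filter:", missed)
    print("legitimate hosts dropped by the .0/.255 filter:", fps)
```

On the sample prefixes, the /25 and /26 broadcasts (.127 and .191) pass the filter untouched, while 203.0.112.255 and 203.0.113.0, both ordinary hosts inside the /23, are dropped. A filter that matches a subnet's actual broadcast address has to know the subnet mask; the last octet alone carries no such information.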