[16531] in North American Network Operators' Group
Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
daemon@ATHENA.MIT.EDU (Matt Ranney)
Thu Apr 30 13:14:42 1998
To: nanog@merit.edu
From: Matt Ranney <mjr@ranney.com>
Date: 30 Apr 1998 10:06:13 -0700
In-Reply-To: Phillip Vandry's message of "Thu, 30 Apr 1998 11:08:43 -0400 (EDT)"
Phillip Vandry <vandry@Mlink.NET> writes:
[...]
> Every router on there has had directed broadcasts disabled for a long time.
> Only that network is a /25, so the broadcast address we are talking about
> is 205.236.182.127.
>
> It turns out that not only does 205.236.182.255 unexpectedly function as
> an alternate broadcast address for this network, but it is unaffected by
> no ip directed-broadcast!!!
We've seen this type of behavior as well, and on larger networks than
/24's. On one /18 that we have, someone was sending to xx.xx.255.255,
and it was heading to the first /23 that was allocated out of that
block. The customer that was lucky enough to be the recipient
eventually had to explicitly deny the 255.255 address because no ip
directed-broadcast didn't stop it.
--
Matt Ranney - mjr@ranney.com
Let's not let the students run the High School.
