[22000] in North American Network Operators' Group
Re: identify hostname
daemon@ATHENA.MIT.EDU (Pete Kruckenberg)
Tue Dec 1 15:02:37 1998
Date: Tue, 1 Dec 1998 12:29:15 -0700 (MST)
From: Pete Kruckenberg <pete@kruckenberg.com>
To: nanog@merit.edu
In-Reply-To: <Pine.SUN.3.91.981201142104.10807U-100000@virgin.relcom.eu.net>

On Tue, 1 Dec 1998, Alex P. Rudnev wrote:
> > > UUnet uses Ascend TNT's which they claim you can't filter
> > > directed-broadcast on. I've ranted at them since October 20 to get this
> > > serious security hole closed.
>
> If they can't turn this off on Ascend access server, they anyway can
> filter out broadcast addresses in their border routers (CISCO's)
> forwarding traffic to these access servers. The result is (almost) the
> same.

Filtering broadcast addresses is pretty ugly. Consider that a single Class
C broken down into /30's can have 64 broadcast addresses. Maybe if it was
just filtering your own assigned subnets, it would be possible, but this
also applies to customer-subnetted broadcast addresses, so you'd have to
coordinate your filter with every one of your customers, every time they
change subnets. Not impossible, but pretty close.
Pete.
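
The arithmetic in the reply above, as an added example that is not part of the original message: it counts the directed-broadcast addresses in one /24 split into /30s and shows how a border filter built from one subnet plan drifts when the plan changes. The block 192.0.2.0/24 is a constructed sample from the documentation range, and the function names and ACL number 101 are assumptions.

```python
import ipaddress

def broadcasts(plan):
    """Directed-broadcast address of each subnet in a plan (list of CIDR strings)."""
    out = set()
    for cidr in plan:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen <= 30:  # /31 and /32 have no broadcast address
            out.add(net.broadcast_address)
    return out

def split(block, prefixlen):
    """Tile `block` with equal-sized subnets of the given prefix length."""
    return [str(s) for s in ipaddress.ip_network(block).subnets(new_prefix=prefixlen)]

def filter_drift(filtered_plan, actual_plan):
    """Compare the plan a border filter was built from with the plan now in use.

    Returns (missing, stale): broadcasts the filter does not cover, and
    filtered addresses that are now ordinary host addresses.
    """
    filt, actual = broadcasts(filtered_plan), broadcasts(actual_plan)
    return sorted(actual - filt), sorted(filt - actual)

def acl_lines(plan, acl=101):
    """Render deny entries in Cisco extended-ACL syntax (ACL number is arbitrary)."""
    return [f"access-list {acl} deny ip any host {a}" for a in sorted(broadcasts(plan))]

if __name__ == "__main__":
    BLOCK = "192.0.2.0/24"  # constructed sample: documentation range
    as_30s = split(BLOCK, 30)
    as_26s = split(BLOCK, 26)
    print(len(broadcasts(as_30s)), "broadcast addresses when split into /30s")
    missing, stale = filter_drift(as_26s, as_30s)
    print(len(missing), "unfiltered broadcasts after a customer moves /26 -> /30")
    missing, stale = filter_drift(as_30s, as_26s)
    print(len(stale), "host addresses still blocked after a move /30 -> /26")
    print("\n".join(acl_lines(as_26s)))
```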