[45191] in North American Network Operators' Group
Re: traffic filtering
daemon@ATHENA.MIT.EDU (John Kristoff)
Mon Jan 21 18:11:34 2002
Message-ID: <3C4CA002.467E17F3@depaul.edu>
Date: Mon, 21 Jan 2002 17:10:58 -0600
From: John Kristoff <jtk@depaul.edu>
Reply-To: jtk@aharp.is-net.depaul.edu
To: nanog@merit.edu
Stephen Griffin wrote:

> I'm curious about how many networks completely filter all traffic to
> any ip address ending in either ".0" or ".255".

I've only heard of one other institution doing this.

> I'm curious because any network /0-/23,/31,/32 can legitimately have
> ip addresses in-use which end as such. /32's can obviously have (most) any ip
> address, since there is no notion of a network or broadcast address. /31
> doesn't have a directed broadcast. For /0-/23 only the first ".0" and the
> last ".255" correspond to reserved addresses. All of the intervening
> addresses are legal.

Right. That is exactly why this is generally at least a silly, if not
bad idea.

> Is this type of filtering common? What alternate solutions are available

I don't think it is very common. I'd be curious to hear otherwise.

> to mitigate (I'm assuming) concerns about smurf amplifiers, that still
> allow traffic to/from legitimate addresses. What rationale is used to

Devices that forward (routers) should provide mechanisms to disable the
forwarding of directed broadcasts. See the following RFC:

http://www.rfc-editor.org/rfc/rfc2644.txt

> filter all traffic to network/broadcast addresses of /24 networks while
> ignoring network/broadcast of /25-/30? For that matter, what percentage
> of smurf amplifiers land on /24 boundaries?

Rationale? Perhaps sites that only use /24 in their route tables have
that rationale? Otherwise it's probably due to a misunderstanding of IP
addressing.

John
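The point both posters make, that ".0"/".255" only mark network and broadcast addresses on /24 boundaries, is easy to verify against a real prefix list. The script below is an added example (not code from the thread or from either author): it compares the blanket last-octet rule with a check that consults a longest-match lookup against a constructed routing table and only flags the true network/broadcast address of the matching prefix, treating /31 (RFC 3021) and /32 as having no such addresses. The prefixes are RFC 5737 documentation ranges plus two private-space entries chosen for the example.

```python
import ipaddress
from typing import Iterable, List, Optional, Tuple

# Constructed example routing table for this demonstration. It is not a
# table from the thread; it mixes a /24, two /25 halves, a /22, a /31
# point-to-point link and a /32 host route so every case in the post appears.
ROUTE_TABLE = [
    "192.0.2.0/24",
    "198.51.100.0/25",
    "198.51.100.128/25",
    "203.0.112.0/22",
    "10.0.0.0/31",
    "10.1.1.1/32",
]


def naive_last_octet_filter(addr: str) -> bool:
    """The blanket rule under discussion: drop anything ending in .0 or .255."""
    return ipaddress.ip_address(addr).packed[-1] in (0, 255)


def longest_match(addr: str, prefixes: Iterable[str]) -> Optional[ipaddress.IPv4Network]:
    """Return the most specific prefix that contains addr, or None if unrouted."""
    ip = ipaddress.ip_address(addr)
    best = None
    for p in prefixes:
        net = ipaddress.ip_network(p)
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def classify(addr: str, prefixes: Iterable[str]) -> str:
    """Classify addr relative to the routing table.

    Returns one of "network", "broadcast", "host" or "no-route". Only a
    longer-than-/30 prefix has distinct network/broadcast addresses, so
    /31 and /32 members are always plain hosts.
    """
    ip = ipaddress.ip_address(addr)
    net = longest_match(addr, prefixes)
    if net is None:
        return "no-route"
    if net.prefixlen >= 31:
        return "host"
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"


def precise_filter(addr: str, prefixes: Iterable[str]) -> bool:
    """Drop only genuine network/broadcast addresses of prefixes we route."""
    return classify(addr, prefixes) in ("network", "broadcast")


def compare(addrs: Iterable[str], prefixes: Iterable[str]) -> List[Tuple[str, bool, bool]]:
    """Side-by-side verdicts: (address, naive rule drops?, precise rule drops?)."""
    return [(a, naive_last_octet_filter(a), precise_filter(a, prefixes)) for a in addrs]


if __name__ == "__main__":
    samples = [
        "192.0.2.0",        # /24 network: both rules agree
        "192.0.2.255",      # /24 broadcast: both rules agree
        "198.51.100.127",   # broadcast of the first /25: naive rule misses it
        "198.51.100.128",   # network of the second /25: naive rule misses it
        "203.0.113.0",      # ordinary host inside the /22: naive rule drops it
        "203.0.113.255",    # ordinary host inside the /22: naive rule drops it
        "10.0.0.0",         # /31 link address: legitimate host
        "172.16.0.0",       # not in the table at all
    ]
    for addr, naive, precise in compare(samples, ROUTE_TABLE):
        print(f"{addr:16} naive_drop={naive!s:5} precise_drop={precise!s:5} "
              f"({classify(addr, ROUTE_TABLE)})")
```

Running it shows the two failure modes the thread describes: the last-octet rule lets the /25 broadcast addresses through (false negatives) and discards ordinary hosts inside the /22 and on the /31 link (false positives). The precise check is what a router's directed-broadcast control from RFC 2644 effectively does on the egress interface, since the router knows the connected prefix rather than guessing from the last octet.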