[45205] in North American Network Operators' Group


Re: traffic filtering

daemon@ATHENA.MIT.EDU (Jim Segrave)
Tue Jan 22 06:01:39 2002

Date: Tue, 22 Jan 2002 12:00:18 +0100
From: Jim Segrave <jes@nl.demon.net>
To: Stephen Griffin <stephen.griffin@rcn.com>
Cc: nanog@merit.edu
Message-ID: <20020122120018.Z58250@jes.noc.nl.demon.net>
Reply-To: jes@nl.demon.net
Mail-Followup-To: Jim Segrave <jes@nl.demon.net>,
	Stephen Griffin <stephen.griffin@rcn.com>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200201212346.SAA12907@elektra.ultra.net>; from "Stephen Griffin" on Mon 21 Jan 2002 (18:46 -0500)
Errors-To: owner-nanog-outgoing@merit.edu


On Mon 21 Jan 2002 (18:46 -0500), Stephen Griffin wrote:
> 
> In the referenced message, Stephen Griffin said:
> > 
> > Hello,
> > 
> > I'm curious about how many networks completely filter all traffic to
> > any ip address ending in either ".0" or ".255".
> 
> Just to clarify, since a lot of the messages I'm receiving seem to indicate
> I was unclear. I'm not trying to determine how I should filter. I'm
> trying to determine how many other networks filter in such a manner that
> traffic to/from legitimate hosts is blocked.
> 
> One solution, rather than completely filter particular ip addresses, is
> to simply rate-limit either/both icmp echo request/icmp echo response
> message types. This should allow these other networks the ability to
> mitigate smurfs, while still allowing traffic from legitimate ip addresses.

We had to move some ADSL /32's off the .0 address because some idiots
out there were filtering on /24 boundaries. Demon never allocates
dialup /32's on .0 or .255, because there are misconfigured setups out
there.
 

-- 
Jim Segrave           jes@nl.demon.net
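
Added example, not part of the original message: a Python check that compares the "drop anything ending in .0 or .255" rule discussed above against the real network and broadcast addresses of a prefix. The prefixes and addresses in SAMPLES are constructed, and the function names are hypothetical.

```python
import ipaddress

def naive_filter_drops(addr: str) -> bool:
    """The /24-boundary rule from the thread: drop if the last octet is 0 or 255."""
    return ipaddress.IPv4Address(addr).packed[3] in (0, 255)

def is_network_or_broadcast(addr: str, prefix: str) -> bool:
    """True only when addr is the network or broadcast address of its real prefix."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(prefix, strict=True)
    if ip not in net:
        raise ValueError(f"{addr} is not inside {prefix}")
    if net.prefixlen >= 31:
        # /32 host routes and /31 point-to-point links have no broadcast address.
        return False
    return ip in (net.network_address, net.broadcast_address)

def false_positives(samples):
    """Legitimate hosts that the naive rule would block."""
    return [a for a, p in samples
            if naive_filter_drops(a) and not is_network_or_broadcast(a, p)]

def missed_broadcasts(samples):
    """Real network/broadcast addresses that the naive rule lets through."""
    return [a for a, p in samples
            if not naive_filter_drops(a) and is_network_or_broadcast(a, p)]

# Constructed sample data: (address, prefix it is actually routed in).
SAMPLES = [
    ("192.0.2.0",    "192.0.2.0/24"),     # network address of a /24
    ("192.0.2.255",  "192.0.2.0/24"),     # broadcast address of a /24
    ("198.51.100.0", "198.51.100.0/32"),  # single host routed as a /32 on .0
    ("10.1.1.0",     "10.1.0.0/23"),      # ordinary host inside a /23
    ("10.1.0.255",   "10.1.0.0/23"),      # ordinary host inside a /23
    ("10.1.1.255",   "10.1.0.0/23"),      # broadcast address of the /23
    ("192.0.2.127",  "192.0.2.0/25"),     # broadcast address of a /25
]

if __name__ == "__main__":
    print("legitimate hosts blocked:", false_positives(SAMPLES))
    print("broadcast addresses missed:", missed_broadcasts(SAMPLES))
```
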
