Stephen Griffin wrote:
> I'm curious about how many networks completely filter all traffic to any IP address ending in either ".0" or ".255".
> I've only heard of one other institution doing this.
> I'm curious because any network /0-/23,/31,/32 can legitimately have IP addresses in use which end as such. /32s can obviously have (most) any IP address, since there is no notion of a network or broadcast address. /31 doesn't have a directed broadcast. For /0-/23 only the first ".0" and the last ".255" correspond to reserved addresses. All of the intervening addresses are legal.

Right. That is exactly why this is generally at least a silly, if not bad, idea.

> Is this type of filtering common? What alternate solutions are available

I don't think it is very common. I'd be curious to hear otherwise.

> to mitigate (I'm assuming) concerns about smurf amplifiers, that still allow traffic to/from legitimate addresses. What rationale is used to

Devices that forward (routers) should provide mechanisms to disable the forwarding of directed broadcasts. See the following RFC: http://www.rfc-editor.org/rfc/rfc2644.txt

> filter all traffic to network/broadcast addresses of /24 networks while ignoring network/broadcast of /25-/30? For that matter, what percentage of smurf amplifiers land on /24 boundaries?

Rationale? Perhaps sites that only use /24 in their route tables have that rationale? Otherwise it's probably due to a misunderstanding of IP addressing.

John
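The mismatch discussed in this thread can be checked per prefix. The following is an added example, not part of the original messages: it compares the blanket ".0/.255" filter against the real network and broadcast addresses of a prefix. The function names and the 10.0.0.0/8 sample prefixes are constructed for illustration.

```python
import ipaddress

def reserved_addresses(net):
    """Network and broadcast addresses of a prefix.
    /31 and /32 have neither, as noted in the thread."""
    if net.prefixlen >= 31:
        return set()
    return {net.network_address, net.broadcast_address}

def blanket_filter_hits(addr):
    """The filter under discussion: match any address whose last octet is 0 or 255."""
    return addr.packed[-1] in (0, 255)

def audit_filter(cidr):
    """Return (wrongly_blocked, missed) for one prefix.

    wrongly_blocked: legitimate addresses the blanket filter drops.
    missed: network/broadcast addresses the blanket filter lets through.
    Walks every address in the prefix, so keep it to small prefixes.
    """
    net = ipaddress.ip_network(cidr)
    reserved = reserved_addresses(net)
    # Iterating a network yields every address, network and broadcast included.
    wrongly_blocked = [str(a) for a in net
                       if blanket_filter_hits(a) and a not in reserved]
    missed = [str(a) for a in sorted(reserved) if not blanket_filter_hits(a)]
    return wrongly_blocked, missed

if __name__ == "__main__":
    # Constructed sample prefixes covering the cases raised in the thread.
    for cidr in ("10.0.0.0/22", "10.0.0.0/24", "10.0.0.0/25",
                 "10.0.0.128/25", "10.0.0.254/31", "10.0.0.0/32"):
        blocked, missed = audit_filter(cidr)
        print(f"{cidr:16} wrongly blocked: {blocked}")
        print(f"{'':16} reserved but not filtered: {missed}")
```

Only the /24 case comes out clean in both directions; shorter prefixes lose legitimate addresses and longer ones have reserved addresses the filter never sees.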