Date: Fri, 05 Sep 1997 14:04:17 -0600
From: "Michael K. Sanders" <msanders@aros.net>
Subject: Re: smurf's attack...
To: Jon Green <jcgreen@netins.net>
Cc: "Jordyn A. Buchanan" <jordyn@bestweb.net>, nanog@merit.edu
In message <199709051945.OAA26522@worf.netins.net>, Jon Green writes:
On Fri, 5 Sep 1997 15:24:58 -0400, jordyn@bestweb.net writes:
access-list XXX deny ip any 0.0.0.255 255.255.255.0
Folks, this is a bad idea. There are lots of completely valid IP addresses out there that end in .255. True, most of them that end in .255 ARE broadcast addresses, but if people implement this kind of filtering on a large scale, it really breaks classless IP.
Likewise, not all broadcast addresses necessarily end with .255, so filtering .255 won't help anyway in the presence of something like a /25 with a X.X.X.127 broadcast.
Agreed, but it is not easy for a hacker to determine CIDR masks. It is my impression that the only thing being sent is classful broadcasts.
Dave Nordlund          d-nordlund@ukans.edu
University of Kansas   913/864-0450
Computing Services     FAX 913/864-0485
Lawrence, KS 66045     KANREN
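
The two objections raised in this thread, checked in code as an added example (not part of the original messages): it evaluates the quoted access-list entry against the real directed-broadcast address of several prefixes and lists the valid hosts it would drop. The function names and the sample prefixes are constructed for illustration.

```python
import ipaddress

# ACL entry quoted in the thread: destination 0.0.0.255, wildcard 255.255.255.0.
# In a Cisco wildcard mask, bits set to 1 are "don't care" bits.
ACL_ADDR = int(ipaddress.IPv4Address("0.0.0.255"))
ACL_WILDCARD = int(ipaddress.IPv4Address("255.255.255.0"))


def acl_denies(dst):
    """Return True if destination dst matches the deny entry."""
    care = ~ACL_WILDCARD & 0xFFFFFFFF  # bits that must match
    return (int(ipaddress.IPv4Address(str(dst))) & care) == (ACL_ADDR & care)


def audit(prefix):
    """Compare the filter with the actual broadcast address of a prefix."""
    net = ipaddress.ip_network(prefix)
    bcast = net.broadcast_address
    return {
        "prefix": prefix,
        "broadcast": str(bcast),
        # False here means the directed broadcast passes the filter.
        "broadcast_blocked": acl_denies(bcast),
        # Usable host addresses that the filter drops anyway.
        "valid_hosts_blocked": [str(h) for h in net.hosts() if acl_denies(h)],
    }


# Constructed sample prefixes (documentation and private ranges).
SAMPLES = ["192.0.2.0/24", "192.0.2.0/25", "10.1.0.0/22", "198.51.100.128/26"]

if __name__ == "__main__":
    for p in SAMPLES:
        r = audit(p)
        print(f"{r['prefix']:>20}  broadcast={r['broadcast']:<16}"
              f" blocked={r['broadcast_blocked']!s:<5}"
              f" hosts_dropped={r['valid_hosts_blocked']}")
```
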