Brett Frankenberger wrote:
:: Brandon Ross writes ::
Doing something like this, similar to the several suggestions to filter all .0 and .255 addresses, is an attempt to fix the symptom instead of the real problem.
So is forcing vendors to make the equivalent of "no ip directed-broadcast" the default. The problem is that dolts configure routers. The symptom is "ip directed-broadcast" is configured (or not unconfigured) where it shouldn't be.
Actually, several vendors came to the conclusion they should change the default on their own... But, as customers of the router and networking equipment vendors, the choice IS ultimately yours. If you have specific needs, then ask for them. If you feel that routers which can filter RFC1918 addresses at your peering points, at wire speed without croaking is important to you and your neighbor ISPs, then ask for it. Such things CAN be built, if someone expresses a desire to buy.
(For the record, I agree with you on blocking ICMPs and blocking .0/.255 ... both are bad ideas. But so is forcing vendors to violate the router requirements RFC. If we (the internet community) want directed broadcasts to be dropped by default, we should get off our collective duffs and change the RFC.)
On the subject of changing the RFC, I had been thinking about submitting a draft on this subject for a while, and did submit one yesterday. See <draft-senie-directed-broadcast-00.txt> on your favorite document mirror site. I guess that qualifies as getting off my duff. Please read the document and send me comments.

Dan
--
-----------------------------------------------------------------
Daniel Senie dts@senie.com
Amaranth Networks Inc. http://www.amaranthnetworks.com
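The thread's point that dropping every address ending in .0 or .255 treats the symptom rather than the problem can be made concrete. The script below is added here as an illustration and is not code from any of the posters; it contrasts that crude octet filter with the per-interface subnet-broadcast test that a "no ip directed-broadcast" setting actually performs, using constructed (documentation-range) interface prefixes.

```python
import ipaddress

# Constructed interface table for a router: interface name -> connected subnet.
# The prefixes are sample values chosen for the example, not taken from the thread.
INTERFACES = {
    "eth0": ipaddress.ip_network("192.0.2.0/24"),
    "eth1": ipaddress.ip_network("198.51.100.0/23"),  # /23: x.x.100.255 is an ordinary host
    "eth2": ipaddress.ip_network("203.0.113.64/26"),  # /26: its broadcast is .127, not .255
}


def naive_octet_filter(dst: str) -> bool:
    """The '.0/.255' rule criticised in the thread: drop if the last octet is 0 or 255.
    It knows nothing about subnet masks, so it both over- and under-matches."""
    return int(dst.rsplit(".", 1)[1]) in (0, 255)


def is_directed_broadcast(dst: str, ingress: str) -> bool:
    """Drop decision equivalent to disabling directed broadcasts on the egress link:
    the packet is a directed broadcast if its destination is the subnet broadcast
    address of a connected subnet other than the one it arrived on. A packet aimed
    at the broadcast address of its own ingress link is a local broadcast, which a
    router never forwards anyway, so it is not counted here."""
    addr = ipaddress.ip_address(dst)
    return any(
        addr == net.broadcast_address and name != ingress
        for name, net in INTERFACES.items()
    )


def compare(dst: str, ingress: str = "eth0") -> dict:
    """Return both verdicts side by side for one constructed packet."""
    return {
        "naive_drop": naive_octet_filter(dst),
        "directed_broadcast_drop": is_directed_broadcast(dst, ingress),
    }


if __name__ == "__main__":
    # Constructed sample destinations, all arriving on eth0.
    for dst in ("198.51.101.255", "198.51.100.255", "203.0.113.127", "192.0.2.255"):
        print(dst, compare(dst))
```

The second and third sample addresses show the two failure modes: a legitimate host in the /23 that the octet filter wrongly drops, and a real directed broadcast to the /26 that it lets through.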