Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!
Phillip Vandry <vandry@Mlink.NET> writes: [...]
Every router on there has had directed broadcasts disabled for a long time. Only that network is a /25, so the broadcast address we are talking about is 205.236.182.127.
It turns out that not only does 205.236.182.255 unexpectedly function as an alternate broadcast address for this network, but it is unaffected by no ip directed-broadcast!!!
We've seen this type of behavior as well, and on larger networks than /24's. On one /18 that we have, someone was sending to xx.xx.255.255, and it was heading to the first /23 that was allocated out of that block. The customer that was lucky enough to be the recipient eventually had to explicitly deny the 255.255 address because no ip directed-broadcast didn't stop it. -- Matt Ranney - mjr@ranney.com Let's not let the students run the High School.
participants (1)
-
Matt Ranney