nanog mailing list archives

Re: smurf's attack...


From: DAVE NORDLUND <nordlund () ccstaff cc ukans edu>
Date: Fri, 5 Sep 1997 15:41:00 CST-600

Date:          Fri, 05 Sep 1997 14:04:17 -0600
From:          "Michael K. Sanders" <msanders () aros net>
Subject:       Re: smurf's attack...
To:            Jon Green <jcgreen () netins net>
Cc:            "Jordyn A. Buchanan" <jordyn () bestweb net>, nanog () merit edu

In message <199709051945.OAA26522 () worf netins net>, Jon Green writes:
On Fri, 5 Sep 1997 15:24:58 -0400, jordyn () bestweb net writes:

access-list XXX deny ip any 0.0.0.255 255.255.255.0

Folks, this is a bad idea.  There are lots of completely valid IP
addresses out there that end in .255.  True, most of them that
end in .255 ARE broadcast addresses, but if people implement this
kind of filtering on a large scale, it really breaks classless IP.

Likewise, not all broadcast adresses necessarily end with .255, 
so filtering .255 won't help anyway in the presence of something
like a /25 with a X.X.X.127 broadcast.

Agreed but it is not easy for a hacker to determine CIDR masks.  It
is my impression that the only thing being sent is classfull broadcasts.





Dave Nordlund               d-nordlund () ukans edu
University of Kansas        913/864-0450
Computing Services          FAX 913/864-0485
Lawrence, KS  66045         KANREN


Current thread: