Re: SMURF amplifier block list

[kline () uiuc edu (Charley Kline)]

In message <19980414111503.06128 () mcs net>, you wrote:
> Not often.  Few people are actually supernetting within a given broadcast
> domain.  There's still an awful lot of hardware that doesn't work right in
> that environment.

But subnets of class B's may be larger than /24 and have host numbers of
.255 and .0 in them. That's true all over this campus.

It may be reasonable to filter x.x.x.255 addresses from class C's or
/24 blocks, but you cannot filter all addresses that end in .255 without
filtering out a number of completely legitimate hosts.


> The larger problem is that subnetted /24s still are wide open.  This kind of
> filter won't block anything from their broadcast addresses, since they're
> not the .255 address.

Indeed yes! There are also many subnets smaller than /24 where the
broadcast address does not end in .255 that would still be open for
smurfing even in the presence of this .255 filter.

The x.x.x.255 filter is an extremely bad idea.


/cvk