SMURF amplifier block list

Charley Kline kline at uiuc.edu
Tue Apr 14 17:42:40 UTC 1998


In message <19980414111503.06128 at mcs.net>, you wrote:
> Not often.  Few people are actually supernetting within a given broadcast
> domain.  There's still an awful lot of hardware that doesn't work right in
> that environment.

But subnets of class B's may be larger than /24 and have host numbers of
.255 and .0 in them. That's true all over this campus.

It may be reasonable to filter x.x.x.255 addresses from class C's or
/24 blocks, but you cannot filter all addresses that end in .255 without
filtering out a number of completely legitimate hosts.


> The larger problem is that subnetted /24s still are wide open.  This kind of
> filter won't block anything from their broadcast addresses, since they're
> not the .255 address.

Indeed yes! There are also many subnets smaller than /24 where the
broadcast address does not end in .255 that would still be open for
smurfing even in the presence of this .255 filter.

The x.x.x.255 filter is an extremely bad idea.


/cvk



More information about the NANOG mailing list