SMURF amplifier block list

James R. Cutler James.Cutler at
Wed Apr 15 11:11:16 UTC 1998


I now understand the confusion -- You are speaking of the
dotted decimal representation of the 32 bit IP address without
regard to masking.  I am speaking of the masked address which
results in a (mask length) network number part and a 
(32 - mask length) host number.  This means you think of
address components as octets (bytes) and I think of the 
effective network number and the effective host number, the
sizes of which are determined only by the mask. 

Or another way to this is that the routers and hosts do not
see the dotted notation except in the configuration dialogs.
Internal to the routing processes the effective network
number determines the routing between subnets and a broadcast
address is any address where the host number is all ones.

Another way to look at this is to say you are thinking about
IP addressing in a "classful" manner whilst I am speaking in
a "classless" manner. Believe me, the transition from classful 
to classless thinking in IP addressing is not an easy thing. 
None of the RFCs are simple to understand.

So, I guess I'm not in trouble after all.



At 8:49 PM -0400 4/14/98, Jay R. Ashworth wrote:
>On Tue, Apr 14, 1998 at 04:52:06PM -0400, James R. Cutler wrote:
>> I have a B assignment.  I have switched infrastructure segments
>> with /22 masking.  Do you mean to say that the host number
>> range on each /22 masked segment is not continuous 1 through 1022,
>> but has several holes instead.? The network seems to be working
>> properly.  I may be in big trouble!
>> None of my TCP/IP courses or books or Cisco CDs have prepared me for 
>> such a surprise.  Please point me to a text which will explain this.  
>None of my study of TCP in the past 5 years has prepared me for the
>idea that someone might think that any component of an IP address might
>be greater than 255.  They're decimal representations of _8 bit_
>No matter _where_ the net/subnet break is, you _still_ _write_ them as
>Yes, conceptually, you might _read_ the addresses that way, but I'm 
>pretty sure that not one piece of equipment you own will let you
>_write_ them that way, will they?
>Now, to get back to the conversation at hand: the proposition was that
>blocking ingress to addresses ending in .255 makes it much more
>difficult for your network to be used as a "smurf amplifier" (and if
>you don't know what that is, you haven't been following the discussin
>(and links) on this list in the last month or 3).
>Yes, if you have internal networks larger than a /24, then that means
>you'll lose extra addresses if you do this.
>The point is that if you _don't_ avoid using host addresses that end in
>.255 _whether that address is a broadcast address based on your netmask
>or not_, then you're likely to find yourself with hosts that either can't
>talk, or can't be talked _to_.
>Now have I made myself clear?
>-- jra
>Jay R. Ashworth                                                jra at
>Member of the Technical Staff             Unsolicited Commercial Emailers Sued
>The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
>Tampa Bay, Florida             on             +1 813 790 7592
>Managing Editor, Top Of The Key sports e-zine ------------

James R. Cutler
EDS , 800 Tower Drive, Troy, MI 48098
Phone: +1 248 265 7514   FAX: +1 248 265 7514
EDS Internal Web: <>
World Wide Web: <>

More information about the NANOG mailing list