SMURF amplifier block list

jlixfeld at jlixfeld at
Fri Apr 17 19:32:35 UTC 1998

Anyone mind sharing that conversation?

On Wed, 15 Apr 1998, James R. Cutler wrote:

:I now understand the confusion -- You are speaking of the
:dotted decimal representation of the 32 bit IP address without
:regard to masking.  I am speaking of the masked address which
:results in a (mask length) network number part and a 
:(32 - mask length) host number.  This means you think of
:address components as octets (bytes) and I think of the 
:effective network number and the effective host number, the
:sizes of which are determined only by the mask. 
:Or another way to this is that the routers and hosts do not
:see the dotted notation except in the configuration dialogs.
:Internal to the routing processes the effective network
:number determines the routing between subnets and a broadcast
:address is any address where the host number is all ones.
:Another way to look at this is to say you are thinking about
:IP addressing in a "classful" manner whilst I am speaking in
:a "classless" manner. Believe me, the transition from classful 
:to classless thinking in IP addressing is not an easy thing. 
:None of the RFCs are simple to understand.
:So, I guess I'm not in trouble after all.
:	JimC
:At 8:49 PM -0400 4/14/98, Jay R. Ashworth wrote:
:>On Tue, Apr 14, 1998 at 04:52:06PM -0400, James R. Cutler wrote:
:>> I have a B assignment.  I have switched infrastructure segments
:>> with /22 masking.  Do you mean to say that the host number
:>> range on each /22 masked segment is not continuous 1 through 1022,
:>> but has several holes instead.? The network seems to be working
:>> properly.  I may be in big trouble!
:>> None of my TCP/IP courses or books or Cisco CDs have prepared me for 
:>> such a surprise.  Please point me to a text which will explain this.  
:>None of my study of TCP in the past 5 years has prepared me for the
:>idea that someone might think that any component of an IP address might
:>be greater than 255.  They're decimal representations of _8 bit_
:>No matter _where_ the net/subnet break is, you _still_ _write_ them as
:>Yes, conceptually, you might _read_ the addresses that way, but I'm 
:>pretty sure that not one piece of equipment you own will let you
:>_write_ them that way, will they?
:>Now, to get back to the conversation at hand: the proposition was that
:>blocking ingress to addresses ending in .255 makes it much more
:>difficult for your network to be used as a "smurf amplifier" (and if
:>you don't know what that is, you haven't been following the discussin
:>(and links) on this list in the last month or 3).
:>Yes, if you have internal networks larger than a /24, then that means
:>you'll lose extra addresses if you do this.
:>The point is that if you _don't_ avoid using host addresses that end in
:>.255 _whether that address is a broadcast address based on your netmask
:>or not_, then you're likely to find yourself with hosts that either can't
:>talk, or can't be talked _to_.
:>Now have I made myself clear?
:>-- jra
:>Jay R. Ashworth                                                jra at
:>Member of the Technical Staff             Unsolicited Commercial Emailers Sued
:>The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
:>Tampa Bay, Florida             on             +1 813 790 7592
:>Managing Editor, Top Of The Key sports e-zine ------------
:James R. Cutler
:EDS , 800 Tower Drive, Troy, MI 48098
:Phone: +1 248 265 7514   FAX: +1 248 265 7514
:EDS Internal Web: <>
:World Wide Web: <>


Jason A. Lixfeld             jlixfeld at
iDirect Network Operations   jlixfeld at

TUCOWS Interactive Ltd. o/a  | "A Different Kind of Internet Company"
Internet Direct Canada Inc.  | "FREE BANDWIDTH for Toronto Area IAPs"
5415 Dundas Street West      |
Suite 301, Toronto Ontario   | (416) 236-5806	     (T)
M9B-1B5 CANADA               | (416) 236-5804        (F)

More information about the NANOG mailing list