Filtering ICMP (Was Re: SMURF amplifier block list)

• Previous message (by thread): Filtering ICMP (Was Re: SMURF amplifier block list)
• Next message (by thread): Filtering ICMP (Was Re: SMURF amplifier block list)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 20 Apr 1998, Mark Whitis wrote:

> As an aside on the original topic, filtering on 0.0.0.255 mask 0.0.0.255
> is also irresponsible and never should have been suggested here.
> The lame arguments that anyone who has a host in that range is
> asking for trouble are specious; just because they may be adversely
> affected by some clueless individual somewhere does not justify
> your being clueless as well.

Wholesale filtering of ?.?.?.255 is irresponsible but if you have
downstream networks who are unable to block directed broadcasts then it is
a reasonable stopgap measure to block ?.?.?.255 traffic in those
downstream network blocks only. But at the same time you should *DEMAND*
that the downstream customer's router vendor fix their broken equipment or
else advertise that it is suitable only for use on networks that are not
interconnected with the Internet.

--
Michael Dillon                   -               Internet & ISP Consulting
http://www.memra.com             -               E-mail: michael at memra.com

• Previous message (by thread): Filtering ICMP (Was Re: SMURF amplifier block list)
• Next message (by thread): Filtering ICMP (Was Re: SMURF amplifier block list)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]