SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!

Matt Ranney mjr at ranney.com
Thu Apr 30 17:06:13 UTC 1998


Phillip Vandry <vandry at Mlink.NET> writes:

[...]
> Every router on there has had directed broadcasts disabled for a long time.
> Only that network is a /25, so the broadcast address we are talking about
> is 205.236.182.127.
> 
> It turns out that not only does 205.236.182.255 unexpectedly function as
> an alternate broadcast address for this network, but it is unaffected by
> no ip directed-broadcast!!!

We've seen this type of behavior as well, and on larger networks than
/24's.  On one /18 that we have, someone was sending to xx.xx.255.255,
and it was heading to the first /23 that was allocated out of that
block.  The customer that was lucky enough to be the recipient
eventually had to explicitly deny the 255.255 address because no ip
directed-broadcast didn't stop it.
-- 
Matt Ranney - mjr at ranney.com
Let's not let the students run the High School.



More information about the NANOG mailing list