traffic filtering

Joe Abley jabley at
Tue Jan 22 20:50:56 UTC 2002

On Tue, Jan 22, 2002 at 01:57:07PM -0600, J.F. Noonan wrote:
> On Tue, 22 Jan 2002 at 12:34pm Joe Abley wrote:
> > On Mon, Jan 21, 2002 at 05:53:16PM -0500, Stephen Griffin wrote:
> > > I'm curious about how many networks completely filter all traffic to
> > > any ip address ending in either ".0" or ".255".
> >
> > I heard recently that Windows 2000 will refuse to send packets
> > to addresses with the least-significant octet 255, if the most-
> > significant octet indicates the address lies in a pre-CIDR class
> > C. So, for example, would be unreachable from a
> > windows 2000 machine, regardless of the fact that it might be
> > a legitimate host numbered within
> Not true.  M$ is guilty of many evil things, but not this one.

I just tried this. This is not exhaustive. I may well have made
some kind of some screw-up. Interpret as you will. Contents may
have settled in transit.

  NetBSD 1.5.2 i386         FreeBSD 4.5-PRERELEASE
    |                         |
               Win2k SP3

I configured the following addresses:


FreeBSD box can ping FreeBSD box can ping
NetBSD box can ping NetBSD box can ping
(tcpdump shows the NetBSD box is using a source of for
these pings).

Win2k box can ping Win2k box can ping
Win2k cannot ping


  Pinging with 32 bytes of data:

  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.

  Ping statistics for
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum =  0ms, Average =  0ms


NetBSD box is receiving the requests, however, and replying to them.
tcpdump shows:

  15:30:39.753003 > icmp: echo request
  15:30:39.753307 > icmp: echo reply
  15:30:41.228742 > icmp: echo request
  15:30:41.229053 > icmp: echo reply
  15:30:42.230249 > icmp: echo request
  15:30:42.230555 > icmp: echo reply
  15:30:43.231735 > icmp: echo request
  15:30:43.232046 > icmp: echo reply

So, the Windows box seems to behave differently when dealing with
the particular address ending in 255 that I tried.

I guess the rule of thumb when numbering devices which need to
coexist with Windows is "avoid 255".


More information about the NANOG mailing list