North American Network Operators Group


Re: [nsp] known networks for broadcast ping attacks

  • From: Jeffrey S. Curtis
  • Date: Wed Jul 30 17:19:28 1997

Jay R. Ashworth writes:
}Ought IP stack implementations not to refuse to reply to ECHO_REQUEST
}packets with destination address which are broadcast addresses?

Why? It's a useful tool.

}Ok, yes, I know that CIDR makes this harder, but knowing which nets
}fall on non-octet boundaries is non-obvious, too, and this particular
}attack wasn't trying...

It's not hard - a host knows its own subnet mask and therefore can
calculate its broadcast address trivially (my IP address logical-AND
my subnet mask, plus all ones in the zero-portion of the mask).

}.255 is _always_ a broadcast address, no?

Wrong - consider what happens on nets whose subnet mask is less than
24 bits long (I have many such nets).  10.1.1.255 is a unicast host
address if the mask is /23, or /22, or...

Jeff
-- 
Jeffrey S. Curtis                      | Internetwork Manager
Argonne National Laboratory            | Email: [email protected]
9700 South Cass Avenue, ECT-221        | Voice: 630/252-1789
Argonne, IL 60439                      | Fax:   630/252-9689
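
The calculation described in the message (address AND mask, then all ones in the zero portion of the mask), as an added example that is not part of the original post. It generalizes to any prefix length and assumes a single IPv4 interface; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def mask_from_prefix(prefix_len):
    """Prefix length -> 32-bit netmask, e.g. /22 -> 0xFFFFFC00."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix_len)) & ALL_ONES

def directed_broadcast(local_addr, prefix_len):
    """(address AND mask) with the zero portion of the mask set to all ones.
    A /31 or /32 has no broadcast address, so None is returned for those."""
    if prefix_len >= 31:
        return None
    mask = mask_from_prefix(prefix_len)
    value = (to_int(local_addr) & mask) | (~mask & ALL_ONES)
    return str(ipaddress.IPv4Address(value))

def classify_destination(dst, local_addr, prefix_len):
    """How a host configured as local_addr/prefix_len sees destination dst."""
    if to_int(dst) == ALL_ONES:
        return "limited-broadcast"
    mask = mask_from_prefix(prefix_len)
    if (to_int(dst) & mask) != (to_int(local_addr) & mask):
        return "off-subnet"
    bcast = directed_broadcast(local_addr, prefix_len)
    if bcast is not None and to_int(dst) == to_int(bcast):
        return "directed-broadcast"
    if prefix_len < 31 and (to_int(dst) & ~mask & ALL_ONES) == 0:
        return "network-address"
    return "unicast"

if __name__ == "__main__":
    # Constructed samples: (destination, local address, prefix length)
    samples = [
        ("10.1.1.255", "10.1.2.3", 22),  # ends in .255, mid-block in a /22
        ("10.1.3.255", "10.1.2.3", 22),  # top of the /22
        ("10.1.0.255", "10.1.1.9", 23),  # ends in .255, mid-block in a /23
        ("10.1.1.127", "10.1.1.9", 25),  # broadcast that does not end in .255
    ]
    for dst, local, plen in samples:
        print(f"{dst:<12} on {local}/{plen}: {classify_destination(dst, local, plen)}")
```

A stack that wants to ignore ECHO_REQUEST sent to broadcast destinations would drop anything this classifies as directed-broadcast, limited-broadcast or network-address.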