|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf's attack...
In message <[email protected]>, Jon Green writes: >On Fri, 5 Sep 1997 15:24:58 -0400, [email protected] writes: > >>access-list XXX deny ip any 0.0.0.255 255.255.255.0 > >Folks, this is a bad idea. There are lots of completely valid IP >addresses out there that end in .255. True, most of them that >end in .255 ARE broadcast addresses, but if people implement this >kind of filtering on a large scale, it really breaks classless IP. Likewise, not all broadcast adresses necessarily end with .255, so filtering .255 won't help anyway in the presence of something like a /25 with a X.X.X.127 broadcast.
|