North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: smurf's attack...

  • From: Michael K. Sanders
  • Date: Fri Sep 05 16:35:58 1997

In message <[email protected]>, Jon Green writes:
>On Fri, 5 Sep 1997 15:24:58 -0400, [email protected] writes:
>>access-list XXX deny ip any
>Folks, this is a bad idea.  There are lots of completely valid IP
>addresses out there that end in .255.  True, most of them that
>end in .255 ARE broadcast addresses, but if people implement this
>kind of filtering on a large scale, it really breaks classless IP.

Likewise, not all broadcast adresses necessarily end with .255, 
so filtering .255 won't help anyway in the presence of something
like a /25 with a X.X.X.127 broadcast.