|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf's attack...
> Randy Bush writes... > > > > access-list XXX deny ip any 0.0.0.255 255.255.255.0 > > > > You must be kidding. Why not > > > > access-list XXX deny ip any 0.0.0.42 255.255.255.0 > > I like... > > access-list XXX deny ip any 0.0.0.1 255.255.255.254 Okay... trying to access 10.10.10.1.. Oops.. The first example is okay if its "deny icmp" instead of "deny ip". That still allows traffic to reach those hosts, just doesn't let ICMP through. Although 255 is a valid IP address, its use is, in my view, limited. Denying ICMP packets to those hosts may be considered an acceptable sacrafice by many. ---------------------------------------------------------------------- Wayne Bouchard GlobalCenter [email protected] Primenet Network Engineering Internet Solutions for (602) 416-6422 800-373-2499 x6422 Growing Businesses FAX: (602) 416-9422 http://www.primenet.com http://www.globalcenter.net ----------------------------------------------------------------------
|