|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Smurfing
I don't think its possible since only the local router has exact information on the broadcast addresses it supports. Now on something like Mae-East, what is the deal if someone pings 192.41.177.255? -Deepak. On Fri, 13 Feb 1998, Steve Hultquist wrote: > Don't these answers answer a different question? Isn't the question how to > filter *outbound* attacks, not inbound ones? Filtering the inbound ones is > pretty easy on a Bay or anything with filters (drop packets bound for the > broadcast addresses). Filtering outbound is another story, especially with > CIDR. I would like to set up my routers to make sure I'm protecting as much > of the 'net as possible from attempts by my customers to do evil. However, > it's not clear to me how to do that. Does "no ip directed-broadcast" somehow > filter the *outbound* attacks or just the inbound ones? > -- > Steve Hultquist, Chief Technology Officer HSAnet > providing high-speed Internet access Boulder, Colorado > mailto:[email protected] +1.303.581.0800 http://www.HSAnet.net/ > > >
|