North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: identify hostname
On Tue, 1 Dec 1998, Alex P. Rudnev wrote: > > > UUnet uses ascend TNT's which they claim you cant filter > > > directed-broadcast on. Ive ranted at them since October 20 to get this > > > serious security hole closed. > If they can't turn this off on ascend access server, they anyway can > filter out broadcast addresses in their border routers (CISCO's) > forwarding traffic to this access servers. The result is (almost) the > same. Filtering broadcast addresses is pretty ugly. Consider that a single Class C broken down into /30's can have 64 broadcast addresses. Maybe if it was just filtering your own assigned subnets, it would be possible, but this also applies to customer-subnetted broadcast addresses, so you'd have to coordinate your filter with every one of your customers, every time they change subnets. Not impossible, but pretty close. Pete.
|