North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: identify hostname

  • From: Pete Kruckenberg
  • Date: Tue Dec 01 15:04:38 1998

On Tue, 1 Dec 1998, Alex P. Rudnev wrote:

> > > UUnet uses ascend TNT's which they claim you cant filter 
> > > directed-broadcast on. Ive ranted at them since October 20 to get this
> > > serious security hole closed.
> If they can't turn this off on ascend access server, they anyway can 
> filter out broadcast addresses in their border routers (CISCO's) 
> forwarding traffic to this access servers. The result is (almost) the 
> same.

Filtering broadcast addresses is pretty ugly. Consider that a single Class
C broken down into /30's can have 64 broadcast addresses. Maybe if it was
just filtering your own assigned subnets, it would be possible, but this
also applies to customer-subnetted broadcast addresses, so you'd have to
coordinate your filter with every one of your customers, every time they
change subnets. Not impossible, but pretty close.