North American Network Operators Group

Re: identify hostname
At 12:29 PM 12/1/98 -0700, Pete Kruckenberg wrote:
>On Tue, 1 Dec 1998, Alex P. Rudnev wrote:
>
>> > > UUnet uses ascend TNT's which they claim you can't filter
>> > > directed-broadcast on. I've ranted at them since October 20 to get this
>> > > serious security hole closed.
>> If they can't turn this off on ascend access server, they anyway can
>> filter out broadcast addresses in their border routers (CISCO's)
>> forwarding traffic to these access servers. The result is (almost) the
>> same.
>
>Filtering broadcast addresses is pretty ugly. Consider that a single Class
>C broken down into /30's can have 64 broadcast addresses. Maybe if it was
>just filtering your own assigned subnets, it would be possible, but this
>also applies to customer-subnetted broadcast addresses, so you'd have to
>coordinate your filter with every one of your customers, every time they
>change subnets. Not impossible, but pretty close.

IFF they *only* sub-net into /30's and not have irregular sub-nets below
that. The best I can think of is to just cover your own subnets and let
your down-stream worry about theirs. Otherwise, it's not doable, like you
said.

___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: [email protected]
Internet phone: hawk.mhsc.com
Personal web pages: staff.mhsc.com/~rmeyer
Company web-site: www.mhsc.com
___________________________________________________
Who is John Galt? "Atlas Shrugged" - Ayn Rand
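The filter-maintenance problem discussed in this message, as an added example that is not part of the original thread: it derives the directed-broadcast addresses a border filter would have to cover for a given subnet plan and shows what changes when the plan changes. The 192.0.2.0/24 documentation prefix, both subnet plans and all function names are constructed for illustration.

```python
import ipaddress

def directed_broadcasts(subnets):
    """Set of directed-broadcast addresses for a list of IPv4 subnets."""
    out = set()
    for s in subnets:
        net = ipaddress.ip_network(s)
        # /31 and /32 networks have no broadcast address to filter.
        if net.prefixlen <= 30:
            out.add(net.broadcast_address)
    return out

def filter_delta(old_plan, new_plan):
    """Entries to add to and remove from the filter after a re-subnet."""
    old = directed_broadcasts(old_plan)
    new = directed_broadcasts(new_plan)
    return sorted(new - old), sorted(old - new)

def is_directed_broadcast(dst, subnets):
    """True if dst is the broadcast address of one of the subnets."""
    return ipaddress.ip_address(dst) in directed_broadcasts(subnets)

# Constructed plan 1: one Class C sized block cut uniformly into /30s.
BLOCK = ipaddress.ip_network("192.0.2.0/24")
UNIFORM = [str(n) for n in BLOCK.subnets(new_prefix=30)]

# Constructed plan 2: the same block with irregular (variable-length) subnets.
IRREGULAR = [
    "192.0.2.0/25", "192.0.2.128/26", "192.0.2.192/27", "192.0.2.224/28",
    "192.0.2.240/30", "192.0.2.244/30", "192.0.2.248/29",
]

if __name__ == "__main__":
    print(len(directed_broadcasts(UNIFORM)), "broadcast addresses with /30s")
    print(len(directed_broadcasts(IRREGULAR)), "with the irregular plan")
    add, remove = filter_delta(UNIFORM, IRREGULAR)
    print("after re-subnetting: add", len(add), "remove", len(remove))
    # 192.0.2.3 is a broadcast address under /30s but an ordinary host
    # address inside 192.0.2.0/25, so a stale filter would drop its traffic.
    print(is_directed_broadcast("192.0.2.3", UNIFORM),
          is_directed_broadcast("192.0.2.3", IRREGULAR))
```

A filter built from one plan and left in place after the customer re-subnets either misses new broadcast addresses or drops traffic to addresses that are now ordinary hosts, which is the coordination cost described in the quoted text.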