North American Network Operators Group

Re: traffic filtering

  • From: John Kristoff
  • Date: Mon Jan 21 18:13:27 2002

Stephen Griffin wrote:
> I'm curious about how many networks completely filter all traffic to
> any ip address ending in either ".0" or ".255".

I've only heard of one other institution doing this.

> I'm curious because any network /0-/23,/31,/32 can legitimately have
> ip addresses in-use which end as such. /32's can obviously have (most) any ip
> address, since there is no notion of a network or broadcast address. /31
> doesn't have a directed broadcast. For /0-/23 only the first ".0" and the
> last ".255" correspond to reserved addresses. All of the intervening
> addresses are legal.

Right.  That is exactly why this is generally at least a silly, if not
bad idea.

> Is this type of filtering common? What alternate solutions are available

I don't think it is very common.  I'd be curious to hear otherwise.

> to mitigate (I'm assuming) concerns about smurf amplifiers, that still
> allow traffic to/from legitimate addresses. What rationale is used to

Devices that forward (routers) should provide mechanisms to disable the
forwarding of directed broadcasts.  See the following RFC:

http://www.rfc-editor.org/rfc/rfc2644.txt

> filter all traffic to network/broadcast addresses of /24 networks while
> ignoring network/broadcast of /25-/30? For that matter, what percentage
> of smurf amplifiers land on /24 boundaries?

Rationale?  Perhaps sites that only use /24 in their route tables have
that rationale?  Otherwise it's probably due to a misunderstanding of IP
addressing.

John
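
Added example, not part of the original message: a Python check that compares the ".0"/".255" filter discussed in the thread with each address's real role in its subnet, showing both the legitimate hosts it drops and the network/broadcast addresses it misses. The subnets, addresses and function names are constructed for illustration.

```python
import ipaddress

def naive_filter(addr):
    """The filter under discussion: drop any address whose last octet is 0 or 255."""
    return ipaddress.IPv4Address(addr).packed[3] in (0, 255)

def subnet_role(addr, subnets):
    """Return 'network', 'broadcast' or 'host' for addr within its longest
    matching subnet, or None if no listed subnet covers it."""
    ip = ipaddress.IPv4Address(addr)
    covering = [n for n in map(ipaddress.IPv4Network, subnets) if ip in n]
    if not covering:
        return None
    net = max(covering, key=lambda n: n.prefixlen)
    if net.prefixlen >= 31:
        return "host"  # /31 and /32 have no network or broadcast address
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"

def compare(addrs, subnets):
    """Sort addresses by whether the naive filter matches their real role."""
    result = {"false_drop": [], "missed": [], "agree": []}
    for a in addrs:
        reserved = subnet_role(a, subnets) in ("network", "broadcast")
        dropped = naive_filter(a)
        if dropped and not reserved:
            result["false_drop"].append(a)   # legitimate host, filtered anyway
        elif reserved and not dropped:
            result["missed"].append(a)       # real network/broadcast, not filtered
        else:
            result["agree"].append(a)
    return result

# Constructed sample data (private and documentation ranges).
SUBNETS = ["10.0.0.0/23", "192.0.2.0/25", "192.0.2.128/25",
           "198.51.100.0/31", "203.0.113.0/24"]
ADDRS = ["10.0.0.255", "10.0.1.0", "10.0.1.255", "192.0.2.127",
         "192.0.2.128", "198.51.100.0", "203.0.113.255", "203.0.113.7"]

if __name__ == "__main__":
    for verdict, members in compare(ADDRS, SUBNETS).items():
        print(f"{verdict:10s} {members}")
```
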