|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: traffic filtering
> Date: Tue, 22 Jan 2002 11:48:52 -0500 (EST) > From: Stephen Griffin <[email protected]> > In the referenced message, Walter Klomp said: > > As far as I know .0 and .255 are network and broadcast addresses > > respectively, NEVER should a workstation be configured on these addresses, > > unless something drastically changed in the RFC's for IPv4 which I am not > > aware of... CIDR > only on a /24. on /0 - /23 only the first .0 is network, and the last > .255 broadcast. on /25-/30 it depends on where the network begins and > ends. /31 has no directed broadcast. /32 is a single host and similarly > has no directed broadcast. Or, put another way: Do the addresses in binary. Then convert to dotted quad. > > I for one am filtering .0 and .255 at my border routers, and also rate > > limiting echo at a reasonable rate... and have never gotten a complaint > > about people not being able to reach or be reached... Ughh. Take 10.0.0.0/22: What is 10.0.0.255? How about 10.0.1.0? Misconfiguration like this is why I (and others) recommend not using ...0 or ...255 addresses, even if valid. As you (Stephen) pointed out, what about 172.16.16.16/29? The smurf amplifiers there would be 172.16.16.16 and 172.16.16.23. In incomplete C: uint32_t ip_addr ; uint32_t netmask ; /* assume that it's valid */ if ( 0 == (ip_addr & ~netmask) ) this_is_all_0s ; if ( ~netmask == (ip_addr & ~netmask) ) this_is_all_1s ; Eddy --------------------------------------------------------------------------- Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[email protected]> To: [email protected] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[email protected]>, or you are likely to be blocked.
|