|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: traffic filtering
On Tue, Jan 22, 2002 at 05:04:36PM +0000, E.B. Dreger wrote: > > Ughh. Take 10.0.0.0/22: What is 10.0.0.255? How about 10.0.1.0? > > Misconfiguration like this is why I (and others) recommend not > using ...0 or ...255 addresses, even if valid. > [snip] A quick look on IRC provides this: 146.172.78.255 ti511220a080-0255.bb.online.no 61.211.184.255 255.net061211184.t-com.ne.jp 24.127.52.255 we-24-127-52-255.we.mediaone.net 217.156.28.255 217.156.28.255 172.190.251.255 ACBEFBFF.ipt.aol.com 24.129.205.0 24.129.205.0 158.39.125.0 pc5000.ikt.ssin.no 146.172.31.0 ti121210a080-0768.bb.online.no 148.64.142.0 vsat-148-64-142-0.c7.sb7.mrt.starband.net 146.172.33.0 ti100710a080-0256.bb.online.no 66.110.162.0 adsl-66.110.162-0.globetrotter.net 146.172.33.0 ti100710a080-0256.bb.online.no 172.189.1.0 ACBD0100.ipt.aol.com Granted, it's a small sample, but it proves that these [valid] addresses are in widespread use, they do work, and there's no real reason to not use them.. Filtering on *.255 and *.0 won't catch the other broadcast/network addresses on different subnet masks, and you wouldn't have to filter at all if the network we properly configured =) > > Eddy > -- Matthew S. Hallacy CACU, PWGCS, and BOFH Certified http://techmonkeys.org/~poptix GPG public key 0x01938203
|