[nsp] known networks for broadcast ping attacks

Jay R. Ashworth writes:
}Ought IP stack implementations not to refuse to reply to ECHO_REQUEST
}packets with destination address which are broadcast addresses?

Why? It's a useful tool.

}Ok, yes, I know that CIDR makes this harder, but knowing which nets
}fall on non-octet boundaries is non-obvious, too, and this particular
}attack wasn't trying...

It's not hard - a host knows its own subnet mask and therefore can
calculate its broadcast address trivially (my IP address logical-AND
my subnet mask, plus all ones in the zero-portion of the mask).

}.255 is _always_ a broadcast address, no?

Wrong - consider what happens on nets whose subnet mask is less than
24 bits long (I have many such nets). 10.1.1.255 is a unicast host
address if the mask is /23, or /22, or...

Jeff

> Jay R. Ashworth writes:
> }Ought IP stack implementations not to refuse to reply to ECHO_REQUEST
> }packets with destination address which are broadcast addresses?
>
> Why? It's a useful tool.

Well... I guess so.

> }Ok, yes, I know that CIDR makes this harder, but knowing which nets
> }fall on non-octet boundaries is non-obvious, too, and this particular
> }attack wasn't trying...
>
> It's not hard - a host knows its own subnet mask and therefore can
> calculate its broadcast address trivially (my IP address logical-AND
> my subnet mask, plus all ones in the zero-portion of the mask).

My point was that an outside attacker wouldn't be able to figure out
what your internal subnetting was, and therefore filtering other
broadcast addresses wasn't as important.

> }.255 is _always_ a broadcast address, no?
>
> Wrong - consider what happens on nets whose subnet mask is less than
> 24 bits long (I have many such nets). 10.1.1.255 is a unicast host
> address if the mask is /23, or /22, or...

If you don't subnet, but do I not recall reading somewhere that octets
of .255 were deprecated in addresses if they were not intended to be
the broadcast address?

Cheers,
-- jra
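
Added example, not part of either message: a C sketch of the check a host could make before answering an ECHO_REQUEST, using the interface's own address and prefix length as described in the thread. The function names and sample addresses are constructed for illustration; the /31 case follows RFC 3021. It shows that a trailing .255 alone does not decide the answer (10.1.0.255 in a /23 and 10.1.1.255 in a /22 are host addresses).

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-byte-order IPv4 address from its four octets. */
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Netmask for a prefix length 0..32, host byte order. */
static uint32_t mask_of(unsigned plen) {
    return plen == 0 ? 0u : 0xFFFFFFFFu << (32 - plen);
}

/* Directed broadcast of the subnet containing addr:
 * (addr AND mask) with every host bit set to one. */
uint32_t directed_broadcast(uint32_t addr, unsigned plen) {
    uint32_t mask = mask_of(plen);
    return (addr & mask) | ~mask;
}

/* 1 if dst is a broadcast address as seen by an interface configured
 * as ifaddr/plen, else 0. A stack that refuses broadcast pings would
 * drop the ECHO_REQUEST when this returns 1. */
int is_broadcast_dst(uint32_t dst, uint32_t ifaddr, unsigned plen) {
    if (dst == 0xFFFFFFFFu) return 1;  /* limited broadcast */
    if (plen >= 31) return 0;          /* /31 and /32: no directed broadcast */
    return dst == directed_broadcast(ifaddr, plen);
}

int main(void) {
    /* Constructed samples: one interface address under three masks. */
    uint32_t me = IP(10,1,1,7);
    uint32_t dsts[] = { IP(10,1,0,255), IP(10,1,1,255) };
    unsigned plens[] = { 24, 23, 22 };
    for (int i = 0; i < 3; i++) {
        uint32_t b = directed_broadcast(me, plens[i]);
        printf("10.1.1.7/%u -> broadcast %u.%u.%u.%u\n", plens[i],
               (unsigned)(b >> 24), (unsigned)((b >> 16) & 255),
               (unsigned)((b >> 8) & 255), (unsigned)(b & 255));
        for (int j = 0; j < 2; j++)
            printf("  dst 10.1.%d.255: %s\n", j,
                   is_broadcast_dst(dsts[j], me, plens[i])
                       ? "broadcast, do not reply" : "not this subnet's broadcast");
    }
    return 0;
}
```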