[nsp] known networks for broadcast ping attacks

.255 is _always_ a broadcast address, no?

Uh, no. If the bit mask is smaller than /24, any given .255 address could
be legitimate.

RFC 917 and RFC 922 (admittedly old) suggest strongly that this isn't a
good idea; I'm still searching to find the reference I remember that
specifically deprecates it.

I guess it matters, since I'm not aware of routers that allow the
specification of filter rule addresses with /netsizes.

-- jra