SMURF amplifier block list

Mailman List Mirror (Read Only)
1

Not often. Few people are actually supernetting within a given broadcast
domain. There's still an awful lot of hardware that doesn't work right in
that environment.

But subnets of class B's may be larger than /24 and have host numbers of
.255 and .0 in them. That's true all over this campus.

It may be reasonable to filter x.x.x.255 addresses from class C's or
/24 blocks, but you cannot filter all addresses that end in .255 without
filtering out a number of completely legitimate hosts.

The larger problem is that subnetted /24s still are wide open. This kind of
filter won't block anything from their broadcast addresses, since they're
not the .255 address.

Indeed yes! There are also many subnets smaller than /24 where the
broadcast address does not end in .255 that would still be open for
smurfing even in the presence of this .255 filter.

The x.x.x.255 filter is an extremely bad idea.

/cvk

2

Just because the host addresses are theoretically valid doesn't mean
that using them is a good idea. Those two addresses constitute less
than 1% of a network's addresses, and are very simple to configure out
of your DHCP servers, etc.

Again, the likelihood that these addresses will cause problems or
experience connectivity issues is a far greater concern than the gain of
less than 1% of usable address space.

Sorry Charley :slight_smile:

Stephen

Charley Kline wrote: