smurf's attack...

Likewise, not all broadcast addresses necessarily end with .255,
so filtering .255 won't help anyway in the presence of something
like a /25 with a X.X.X.127 broadcast.

Date: Fri, 05 Sep 1997 14:04:17 -0600
From: "Michael K. Sanders" <msanders@aros.net>
Subject: Re: smurf's attack...
To: Jon Green <jcgreen@netins.net>
Cc: "Jordyn A. Buchanan" <jordyn@bestweb.net>, nanog@merit.edu

>
>>access-list XXX deny ip any 0.0.0.255 255.255.255.0
>
>Folks, this is a bad idea. There are lots of completely valid IP
>addresses out there that end in .255. True, most of them that
>end in .255 ARE broadcast addresses, but if people implement this
>kind of filtering on a large scale, it really breaks classless IP.

Likewise, not all broadcast addresses necessarily end with .255,
so filtering .255 won't help anyway in the presence of something
like a /25 with a X.X.X.127 broadcast.

Agreed but it is not easy for a hacker to determine CIDR masks. It
is my impression that the only thing being sent is classful broadcasts.

Dave Nordlund d-nordlund@ukans.edu
University of Kansas 913/864-0450
Computing Services FAX 913/864-0485
Lawrence, KS 66045 KANREN

Likewise, not all broadcast addresses necessarily end with .255,
so filtering .255 won't help anyway in the presence of something
like a /25 with a X.X.X.127 broadcast.

Agreed but it is not easy for a hacker to determine CIDR masks. It
is my impression that the only thing being sent is classful broadcasts.

Further, smaller networks (which, theoretically speaking at least, have
fewer hosts) would be less useful in a smurf attack than larger ones, as
there would be less of a multiplying effect.

Jordyn
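
Added example, not part of the original thread: a check of the quoted `access-list XXX deny ip any 0.0.0.255 255.255.255.0` entry against classless prefixes, showing both failure modes raised above (directed broadcasts the filter misses, and valid hosts it blocks). The sample prefixes are constructed from documentation and private ranges, and the function names are illustrative.

```python
import ipaddress

# The ACL entry quoted in the thread: destination 0.0.0.255, wildcard 255.255.255.0
ACL_BASE = int(ipaddress.IPv4Address("0.0.0.255"))
ACL_WILDCARD = int(ipaddress.IPv4Address("255.255.255.0"))  # 1 bits are "don't care"


def acl_denies(addr):
    """Cisco wildcard match: compare only the bits where the wildcard is 0."""
    care = ~ACL_WILDCARD & 0xFFFFFFFF
    value = int(ipaddress.IPv4Address(str(addr)))
    return (value & care) == (ACL_BASE & care)


def audit(prefix):
    """Return (broadcast, missed_broadcast, blocked_valid_hosts) for one prefix."""
    net = ipaddress.ip_network(prefix)
    bcast = net.broadcast_address
    # Failure mode 1: the real directed broadcast does not end in .255
    missed = not acl_denies(bcast)
    # Failure mode 2: ordinary host addresses that happen to end in .255
    blocked = [str(h) for h in net.hosts() if acl_denies(h)]
    return str(bcast), missed, blocked


# Constructed sample prefixes (assumption: not taken from the thread)
SAMPLE_PREFIXES = ["192.0.2.0/24", "192.0.2.0/25", "198.51.100.64/26", "10.10.0.0/22"]

if __name__ == "__main__":
    for prefix in SAMPLE_PREFIXES:
        bcast, missed, blocked = audit(prefix)
        print(f"{prefix:18} broadcast={bcast:16} "
              f"missed_by_acl={missed!s:5} valid_hosts_blocked={blocked}")
```

Filtering on the interface's actual broadcast address, rather than on a last-octet pattern, avoids both mismatches.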