traffic filtering

In the referenced message, Walter Klomp said:

> As far as I know .0 and .255 are network and broadcast addresses
> respectively, NEVER should a workstation be configured on these addresses,
> unless something drastically changed in the RFC's for IPv4 which I am not
> aware of...

only on a /24. on /0 - /23 only the first .0 is network, and the last
.255 broadcast. on /25-/30 it depends on where the network begins and
ends. /31 has no directed broadcast. /32 is a single host and similarly
has no directed broadcast.

Date: Tue, 22 Jan 2002 11:48:52 -0500 (EST)
From: Stephen Griffin <stephen.griffin@rcn.com>

In the referenced message, Walter Klomp said:
> As far as I know .0 and .255 are network and broadcast addresses
> respectively, NEVER should a workstation be configured on these addresses,
> unless something drastically changed in the RFC's for IPv4 which I am not
> aware of...

CIDR

only on a /24. on /0 - /23 only the first .0 is network, and the last
.255 broadcast. on /25-/30 it depends on where the network begins and
ends. /31 has no directed broadcast. /32 is a single host and similarly
has no directed broadcast.

Or, put another way: Do the addresses in binary. Then convert
to dotted quad.

> I for one am filtering .0 and .255 at my border routers, and also rate
> limiting echo at a reasonable rate... and have never gotten a complaint
> about people not being able to reach or be reached...

Ughh. Take 10.0.0.0/22: What is 10.0.0.255? How about 10.0.1.0?

Misconfiguration like this is why I (and others) recommend not
using ...0 or ...255 addresses, even if valid.

As you (Stephen) pointed out, what about 172.16.16.16/29? The
smurf amplifiers there would be 172.16.16.16 and 172.16.16.23.
In incomplete C:

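  #include <stdint.h>

  /* host byte order; netmask assumed valid (contiguous 1 bits) */
  int host_bits_all_0s(uint32_t ip_addr, uint32_t netmask)
  {
    return 0 == (ip_addr & ~netmask) ;        /* network address */
  }

  int host_bits_all_1s(uint32_t ip_addr, uint32_t netmask)
  {
    return ~netmask == (ip_addr & ~netmask) ; /* broadcast address */
  }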

Eddy

Ughh. Take 10.0.0.0/22: What is 10.0.0.255? How about 10.0.1.0?

Misconfiguration like this is why I (and others) recommend not
using ...0 or ...255 addresses, even if valid.

[snip]

A quick look on IRC provides this:

Granted, it's a small sample, but it proves that these [valid] addresses are
in widespread use, they do work, and there's no real reason to not use them.
Filtering on *.255 and *.0 won't catch the other broadcast/network addresses
on different subnet masks, and you wouldn't have to filter at all if the network
were properly configured =)
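
The host-bit test discussed in this thread, carried through as an added example (not code from any of the posters): it classifies an address against its prefix length and compares the result with a border filter that matches only a last octet of 0 or 255. The function names are this example's own, the prefixes are the 10.0.0.0/22 and 172.16.16.16/29 cases mentioned above, and the /31 and /32 handling follows the statement that neither has a directed broadcast.

```c
#include <stdint.h>
#include <stdio.h>

enum addr_class { ADDR_HOST, ADDR_NETWORK, ADDR_BROADCAST };

/* Build a host-byte-order IPv4 address from four octets. */
static uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Netmask for prefix length 0..32; a 32-bit shift is undefined, so /0 is special-cased. */
static uint32_t mask_from_prefix(unsigned len)
{
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

/* Classify by host bits. /31 and /32 have no network or directed-broadcast
   address, so every address in them is treated as a host. */
static enum addr_class classify(uint32_t ip, unsigned len)
{
    uint32_t hostmask = ~mask_from_prefix(len);
    if (len >= 31) return ADDR_HOST;
    if ((ip & hostmask) == 0) return ADDR_NETWORK;
    if ((ip & hostmask) == hostmask) return ADDR_BROADCAST;
    return ADDR_HOST;
}

/* The filter under discussion: match anything ending in .0 or .255. */
static int naive_filter_drops(uint32_t ip)
{
    return (ip & 0xFFu) == 0 || (ip & 0xFFu) == 255;
}

int main(void)
{
    static const char *name[] = { "host", "network", "broadcast" };
    struct { uint32_t ip; unsigned len; const char *txt; } t[] = {
        { ip4(10, 0, 0, 255),   22, "10.0.0.255/22" },   /* valid host, dropped */
        { ip4(10, 0, 1, 0),     22, "10.0.1.0/22" },     /* valid host, dropped */
        { ip4(10, 0, 3, 255),   22, "10.0.3.255/22" },   /* real broadcast */
        { ip4(172, 16, 16, 16), 29, "172.16.16.16/29" }, /* network, passes */
        { ip4(172, 16, 16, 23), 29, "172.16.16.23/29" }, /* broadcast, passes */
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-16s %-9s naive filter %s\n", t[i].txt, name[classify(t[i].ip, t[i].len)],
               naive_filter_drops(t[i].ip) ? "drops" : "passes");
    return 0;
}
```

The first two rows are hosts the last-octet filter would block, and the last two are the /29 network and broadcast addresses it lets through.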