nanog mailing list archives
Re: SMURF amplifier block list
From: Dean Anderson <dean () av8 com>
Date: Sun, 19 Apr 1998 19:57:09 -0400
No, because you only want to stop the packets coming into the broadcast address, not the entire network. (You may want to block the entire network, say for security reasons, but that's a slightly different issue). I suspect that you are confused with the wildcarding. The second parameter is a mask for the first. All ones on the mask mean it matches exactly the first address. Leaving the last octet of the mask 0 means it matches all ip addresses that begin with x.y.z, including the broadcast address. --Dean At 6:46 PM -0400 4/19/98, jlixfeld () idirect ca wrote:
Uhmm, would the 255.255.255.255 wildcard not be 255.255.255.0? On Sat, 18 Apr 1998, Dean Anderson wrote: :Umm, I think this has already been hashed out. This is not the only netmask :on the planet, and you don't know what other networks netmasks are under :CIDR. Trying to guess the netmask just leads to breakage. : :All you want to do is stop packets coming in to your broadcast address. :For example, for your network x.y.z/n (n=24) with your broadcast address :of x.y.z.255: (I presume everyone can translate between CIDR notation and :dotted decimal ;-) : :deny ip any x.y.z.255 255.255.255.255 : :no ip directed broadcast basically puts in the same rule, but it does it :automatically by looking at the netmasks on the interfaces.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean () av8 com LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Current thread:
- Re: Filtering ICMP (Was Re: SMURF amplifier block list), (continued)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Pete Ashdown (Apr 24)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Richard Irving (Apr 24)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Brandon Ross (Apr 26)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Michael Dillon (Apr 24)
- Re: Filtering ICMP (Was Re: SMURF amplifier block list) Mark Whitis (Apr 26)
- Re: SMURF amplifier block list Dean Anderson (Apr 18)
- Re: SMURF amplifier block list Phil Howard (Apr 18)
- Message not available
- Re: SMURF amplifier block list Jay R. Ashworth (Apr 19)
- Re: SMURF amplifier block list Alex P. Rudnev (Apr 20)
- Re: SMURF amplifier block list jlixfeld (Apr 20)
- Re: SMURF amplifier block list Dean Anderson (Apr 19)
- Re: SMURF amplifier block list Jason Lixfeld (Apr 24)
- Re: SMURF amplifier block list Dean Anderson (Apr 24)
- Re: SMURF amplifier block list Stephen Sprunk (Apr 17)
- SMURF and spoofing: Important new information! Michael Dillon (Apr 17)
- Re: SMURF amplifier block list James R. Cutler (Apr 14)
- Message not available
- Re: SMURF amplifier block list Jay R. Ashworth (Apr 14)
- Message not available
- Re: SMURF amplifier block list Jay R. Ashworth (Apr 14)
- Re: SMURF amplifier block list Brett Frankenberger (Apr 14)
- Message not available
- Re: SMURF amplifier block list James R. Cutler (Apr 15)
- Re: SMURF amplifier block list jlixfeld (Apr 17)