nanog mailing list archives

Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!!

From: Matt Ranney <mjr () ranney com>
Date: 30 Apr 1998 10:06:13 -0700

Phillip Vandry <vandry () Mlink NET> writes:

[...]

Every router on there has had directed broadcasts disabled for a long time.
Only that network is a /25, so the broadcast address we are talking about
is 205.236.182.127.

It turns out that not only does 205.236.182.255 unexpectedly function as
an alternate broadcast address for this network, but it is unaffected by
no ip directed-broadcast!!!


We've seen this type of behavior as well, and on larger networks than
/24's.  On one /18 that we have, someone was sending to xx.xx.255.255,
and it was heading to the first /23 that was allocated out of that
block.  The customer that was lucky enough to be the recipient
eventually had to explicitly deny the 255.255 address because no ip
directed-broadcast didn't stop it.
-- 
Matt Ranney - mjr () ranney com
Let's not let the students run the High School.

Current thread:

SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!! Martin, Christian (Apr 29)
- Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!! Daniele Orlandi (Apr 30)
- Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!! Phillip Vandry (Apr 30)
  - Re: SMURF AMPLIFIER BLOCK LIST -- VERY LARGE!!!!!!!!!!!!!!! Matt Ranney (Apr 30)