nanog mailing list archives

Re: traffic filtering


From: John Kristoff <jtk () depaul edu>
Date: Mon, 21 Jan 2002 17:10:58 -0600


Stephen Griffin wrote:
> I'm curious about how many networks completely filter all traffic to
> any ip address ending in either ".0" or ".255".

I've only heard of one other institution doing this.

> I'm curious because any network /0-/23,/31,/32 can legitimately have
> ip addresses in-use which end as such. /32's can obviously have (most) any ip
> address, since there is no notion of a network or broadcast address. /31
> doesn't have a directed broadcast. For /0-/23 only the first ".0" and the
> last ".255" correspond to reserved addresses. All of the intervening
> addresses are legal.

Right.  That is exactly why this is generally at least a silly, if not
bad idea.

> Is this type of filtering common? What alternate solutions are available

I don't think it is very common.  I'd be curious to hear otherwise.

> to mitigate (I'm assuming) concerns about smurf amplifiers, that still
> allow traffic to/from legitimate addresses. What rationale is used to

Devices that forward (routers) should provide mechanisms to disable the
forwarding of directed broadcasts.  See the following RFC:

http://www.rfc-editor.org/rfc/rfc2644.txt

> filter all traffic to network/broadcast addresses of /24 networks while
> ignoring network/broadcast of /25-/30? For that matter, what percentage
> of smurf amplifiers land on /24 boundaries?

Rationale?  Perhaps sites that only use /24 in their route tables have
that rationale?  Otherwise it's probably due to a misunderstanding of IP
addressing.

John
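
The addressing argument in this exchange, worked through as an added example that is not part of the original message: it compares a last-octet filter with the addresses that really are network or directed-broadcast addresses for a given subnet size. The function names and the 10.0.0.0 test blocks are constructed for illustration.

```python
import ipaddress

def naive_filter_blocks(addr):
    """The filter discussed in the thread: drop any address ending in .0 or .255."""
    return int(ipaddress.IPv4Address(addr)) & 0xFF in (0, 255)

def is_reserved(addr, prefixlen):
    """True if addr is the network or directed-broadcast address of its subnet.

    /31 and /32 prefixes have no network or broadcast address.
    """
    if prefixlen >= 31:
        return False
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    ip = ipaddress.IPv4Address(addr)
    return ip in (net.network_address, net.broadcast_address)

def audit(block, subnet_prefixlen):
    """Carve `block` into subnets of `subnet_prefixlen` and compare both views.

    Returns (wrongly_blocked, missed):
      wrongly_blocked: usable addresses the last-octet filter drops
      missed:          real network/broadcast addresses it lets through
    """
    wrongly_blocked = missed = 0
    for subnet in ipaddress.ip_network(block).subnets(new_prefix=subnet_prefixlen):
        for ip in subnet:  # iterates every address, including network/broadcast
            reserved = is_reserved(ip, subnet_prefixlen)
            blocked = naive_filter_blocks(ip)
            if blocked and not reserved:
                wrongly_blocked += 1
            elif reserved and not blocked:
                missed += 1
    return wrongly_blocked, missed

if __name__ == "__main__":
    # Constructed test blocks (RFC 1918 space), one per case raised in the thread.
    cases = [
        ("10.0.0.0/22", 22),  # shorter than /24: intervening .0/.255 are usable
        ("10.0.0.0/24", 24),  # the only size where the filter matches reality
        ("10.0.0.0/24", 26),  # /25-/30: broadcasts such as .63 and .127 pass
        ("10.0.0.0/24", 31),  # point-to-point /31s: nothing is reserved
    ]
    for block, plen in cases:
        wrong, miss = audit(block, plen)
        print(f"{block} as /{plen}: {wrong} usable blocked, {miss} reserved missed")
```
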

