nanog mailing list archives

Re: traffic filtering

From: Jim Segrave <jes () nl demon net>
Date: Tue, 22 Jan 2002 12:00:18 +0100


On Mon 21 Jan 2002 (18:46 -0500), Stephen Griffin wrote:


In the referenced message, Stephen Griffin said:


Hello,

I'm curious about how many networks completely filter all traffic to
any ip address ending in either ".0" or ".255".


Just to clarify, since a lot of the messages I'm receiving seem to indicate
I was unclear. I'm not trying to determine how I should filter. I'm
trying to determine how many other networks filter in such a manner that
traffic to/from legitimate hosts is blocked.

One solution, rather than completely filter particular ip addresses, is
to simply rate-limit either/both icmp echo request/icmp echo response
message types. This should allow these other networks the ability to
mitigate smurfs, while still allowing traffic from legitimate ip addresses.


We had to move some ADSL /32's off the .0 address because some idiots
out there were filtering on /24 boundaries. Demon never allocates
dialup /32's on .0 or .255, because there are misconfigured setups out
there.
 

-- 
Jim Segrave           jes () nl demon net

Current thread:

traffic filtering Stephen Griffin (Jan 21)
- Re: traffic filtering Jared Mauch (Jan 21)
  - Re: traffic filtering Jake Khuon (Jan 21)
  - Re: traffic filtering Stephen Griffin (Jan 21)
- Re: traffic filtering John Kristoff (Jan 21)
- Re: traffic filtering Stephen Griffin (Jan 21)
  - Re: traffic filtering Jim Segrave (Jan 22)
- Re: traffic filtering Avleen Vig (Jan 21)
- Re: traffic filtering Joe Abley (Jan 22)
  - Re: traffic filtering E.B. Dreger (Jan 22)
  - Re: traffic filtering J.F. Noonan (Jan 22)
    - Re: traffic filtering J.F. Noonan (Jan 22)
    - Re: traffic filtering Joe Abley (Jan 22)
    - Re: traffic filtering Jay Ford (Jan 24)
    - Re: traffic filtering Stephen J. Wilcox (Jan 24)
- Re: traffic filtering Stephen Griffin (Jan 24)
  - Re: traffic filtering Niels Bakker (Jan 27)

(Thread continues...)