nanog mailing list archives

Re: traffic filtering

From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Tue, 22 Jan 2002 17:04:36 +0000 (GMT)

Date: Tue, 22 Jan 2002 11:48:52 -0500 (EST)
From: Stephen Griffin <stephen.griffin () rcn com>

In the referenced message, Walter Klomp said:

As far as I know .0 and .255 are network and broadcast addresses
respectively, NEVER should a workstation be configured on these addresses,
unless something drastically changed in the RFC's for IPv4 which I am not
aware of...


CIDR

only on a /24. on /0 - /23 only the first .0 is network, and the last
.255 broadcast. on /25-/30 it depends on where the network begins and
ends. /31 has no directed broadcast. /32 is a single host and similarly
has no directed broadcast.


Or, put another way:  Do the addresses in binary.  Then convert
to dotted quad.

I for one am filtering .0 and .255 at my border routers, and also rate
limiting echo at a reasonable rate... and have never gotten a complaint
about people not being able to reach or be reached...


Ughh.  Take 10.0.0.0/22: What is 10.0.0.255? How about 10.0.1.0?

Misconfiguration like this is why I (and others) recommend not
using ...0 or ...255 addresses, even if valid.

As you (Stephen) pointed out, what about 172.16.16.16/29?  The
smurf amplifiers there would be 172.16.16.16 and 172.16.16.23.
In incomplete C:

        uint32_t ip_addr ;
        uint32_t netmask ; /* assume that it's valid */

        if ( 0 == (ip_addr & ~netmask) )
                this_is_all_0s ;

        if ( ~netmask == (ip_addr & ~netmask) )
                this_is_all_1s ;


Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist () brics com>, or you are likely to be blocked.

Current thread:

Re: traffic filtering, (continued)
- Re: traffic filtering Joe Abley (Jan 22)
  - Re: traffic filtering E.B. Dreger (Jan 22)
  - Re: traffic filtering J.F. Noonan (Jan 22)
    - Re: traffic filtering J.F. Noonan (Jan 22)
    - Re: traffic filtering Joe Abley (Jan 22)
    - Re: traffic filtering Jay Ford (Jan 24)
    - Re: traffic filtering Stephen J. Wilcox (Jan 24)
- Re: traffic filtering Stephen Griffin (Jan 24)
  - Re: traffic filtering Niels Bakker (Jan 27)
- Re: traffic filtering Stephen Griffin (Jan 22)
  - Re: traffic filtering E.B. Dreger (Jan 22)
    - Re: traffic filtering Matthew S. Hallacy (Jan 23)