Home page logo

nanog logo nanog mailing list archives

Re: [nsp] known networks for broadcast ping attacks
From: "Jeffrey S. Curtis" <curtis () anl gov>
Date: Wed, 30 Jul 1997 16:06:02 -0500

Jay R. Ashworth writes:
}Ought IP stack implementations not to refuse to reply to ECHO_REQUEST
}packets with destination address which are broadcast addresses?

Why? It's a useful tool.

}Ok, yes, I know that CIDR makes this harder, but knowing which nets
}fall on non-octet boundaries is non-obvious, too, and this particular
}attack wasn't trying...

It's not hard - a host knows its own subnet mask and therefore can
calculate its broadcast address trivially (my IP address logical-AND
my subnet mask, plus all ones in the zero-portion of the mask).

}.255 is _always_ a broadcast address, no?

Wrong - consider what happens on nets whose subnet mask is less than
24 bits long (I have many such nets). is a unicast host
address if the mask is /23, or /22, or...

Jeffrey S. Curtis                      | Internetwork Manager
Argonne National Laboratory            | Email: curtis () anl gov
9700 South Cass Avenue, ECT-221        | Voice: 630/252-1789
Argonne, IL 60439                      | Fax:   630/252-9689

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]