Home page logo

nanog logo nanog mailing list archives

Re: SMURF amplifier block list
From: "James R. Cutler" <James.Cutler () iscg eds com>
Date: Wed, 15 Apr 1998 07:11:16 -0400


I now understand the confusion -- You are speaking of the
dotted decimal representation of the 32 bit IP address without
regard to masking.  I am speaking of the masked address which
results in a (mask length) network number part and a 
(32 - mask length) host number.  This means you think of
address components as octets (bytes) and I think of the 
effective network number and the effective host number, the
sizes of which are determined only by the mask. 

Or another way to this is that the routers and hosts do not
see the dotted notation except in the configuration dialogs.
Internal to the routing processes the effective network
number determines the routing between subnets and a broadcast
address is any address where the host number is all ones.

Another way to look at this is to say you are thinking about
IP addressing in a "classful" manner whilst I am speaking in
a "classless" manner. Believe me, the transition from classful 
to classless thinking in IP addressing is not an easy thing. 
None of the RFCs are simple to understand.

So, I guess I'm not in trouble after all.



At 8:49 PM -0400 4/14/98, Jay R. Ashworth wrote:
On Tue, Apr 14, 1998 at 04:52:06PM -0400, James R. Cutler wrote:
I have a B assignment.  I have switched infrastructure segments
with /22 masking.  Do you mean to say that the host number
range on each /22 masked segment is not continuous 1 through 1022,
but has several holes instead.? The network seems to be working
properly.  I may be in big trouble!

None of my TCP/IP courses or books or Cisco CDs have prepared me for 
such a surprise.  Please point me to a text which will explain this.  

None of my study of TCP in the past 5 years has prepared me for the
idea that someone might think that any component of an IP address might
be greater than 255.  They're decimal representations of _8 bit_

No matter _where_ the net/subnet break is, you _still_ _write_ them as

Yes, conceptually, you might _read_ the addresses that way, but I'm 
pretty sure that not one piece of equipment you own will let you
_write_ them that way, will they?

Now, to get back to the conversation at hand: the proposition was that
blocking ingress to addresses ending in .255 makes it much more
difficult for your network to be used as a "smurf amplifier" (and if
you don't know what that is, you haven't been following the discussin
(and links) on this list in the last month or 3).

Yes, if you have internal networks larger than a /24, then that means
you'll lose extra addresses if you do this.

The point is that if you _don't_ avoid using host addresses that end in
.255 _whether that address is a broadcast address based on your netmask
or not_, then you're likely to find yourself with hosts that either can't
talk, or can't be talked _to_.

Now have I made myself clear?

-- jra
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
Tampa Bay, Florida             on alt.fan.heinlein             +1 813 790 7592

Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

James R. Cutler
EDS , 800 Tower Drive, Troy, MI 48098
Phone: +1 248 265 7514   FAX: +1 248 265 7514
EDS Internal Web: <http://www.iscg.eds.com/cutler/>
World Wide Web: <http://www.ltu.edu/midecus/dechtm/cutler/cutler.htm>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]