Home page logo

nanog logo nanog mailing list archives

Re: Reporting Little Blue Men
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Thu, 22 Jan 1998 19:09:47 -0500

On Thu, Jan 22, 1998 at 10:21:46AM -0800, Justin W. Newton wrote:
At 11:41 AM 1/22/98 -0500, Eric Osborne wrote:
In other words, I can't prevent my customers from sending packets to
a broadcast address, esp. on a subnet smaller than /24.  You might be
able to block outgoing packets for destination x.y.z.255, but if you've got
a mask >/24 (/23, etc..), couldn't .255 be a valid host address?

Yes, it could be, actually.  I tried to use it as WAN pool address once
though and it horrendously confused the RAS, as well as several UNIX boxen
on the network.

Yes, it could be, but let's remember; isn't the smurf attack the one
that _depends_ on a forged _source_ IP address in order to "work"?

-- jra
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "Two words: Darth Doogie."  -- Jason Colby,
Tampa Bay, Florida             on alt.fan.heinlein              +1 813 790 7592

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]