Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: traffic filtering

  • From: John Kristoff
  • Date: Mon Jan 21 18:13:27 2002

Stephen Griffin wrote:
> I'm curious about how many networks completely filter all traffic to
> any ip address ending in either ".0" or ".255".

I've only heard of one other institution doing this.

> I'm curious because any network /0-/23,/31,/32 can legitimately have
> ip addresses in-use which end as such. /32's can obviously have (most) any ip
> address, since there is no notion of a network or broadcast address. /31
> doesn't have a directed broadcast. For /0-/23 only the first ".0" and the
> last ".255" correspond to reserved addresses. All of the intervening
> addresses are legal.

Right.  That is exactly why this is generally at least a silly, if not
bad idea.

> Is this type of filtering common? What alternate solutions are available

I don't think it is very common.  I'd be curious to hear otherwise.

> to mitigate (I'm assuming) concerns about smurf amplifiers, that still
> allow traffic to/from legitimate addresses. What rationale is used to

Devices that forward (routers) should provide mechanisms to disable the
forwarding of directed broadcasts.  See the following RFC:

> filter all traffic to network/broadcast addresses of /24 networks while
> ignoring network/broadcast of /25-/30? For that matter, what percentage
> of smurf amplifiers land on /24 boundaries?

Rationale?  Perhaps sites that only use /24 in their route tables have
that rationale?  Otherwise its probably due to a misunderstanding of IP


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.