|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Filtering ICMP (Was Re: SMURF amplifier block list)
On Mon, 20 Apr 1998, Mark Whitis wrote: > As an aside on the original topic, filtering on 0.0.0.255 mask 0.0.0.255 > is also irresponsible and never should have been suggested here. > The lame arguments that anyone who has a host in that range is > asking for trouble are specious; just because they may be adversely > affected by some clueless individual somewhere does not justify > your being clueless as well. Wholesale filtering of ?.?.?.255 is irresponsible but if you have downstream networks who are unable to block directed broadcasts then it is a reasonable stopgap measure to block ?.?.?.255 traffic in those downstream network blocks only. But at the same time you should *DEMAND* that the downstream customer's router vendor fix their broken equipment or else advertise that it is suitable only for use on networks that are not interconnected with the Internet. -- Michael Dillon - Internet & ISP Consulting http://www.memra.com - E-mail: michael@memra.com
|