North American Network Operators Group
Re: smurf amp nets, the registry (SAR)
On Tue, 16 Jun 1998, Paul Mansfield wrote:

> On Mon, 15 Jun 1998, Oystein Homelien wrote:
> > the prefix length is wrong, but in other cases I am at a loss - the hosts
> > in the probed network actually seem to return more than one response per
> > request. I have no idea why. We saw this with the 18.104.22.168/24
> > network, for instance (which has now been fixed).
>
> this could be because
> a) there could be a 10.0 internal LAN remapped into a normal IP space?

Actually this will happen if there's a private network on the same
ethernet as a public network. For example, in Cisco parlance, the
following config would do it:

Ethernet0
 ip address 10.0.0.1 255.255.255.0 secondary
 ip address 22.214.171.124 255.255.255.0

Since the broadcast to 126.96.36.199 gets sent to the all 1's MAC address,
all the devices on that LAN respond, some of which are using the private
IP space.

Brandon Ross  Network Engineering  404-815-0770  800-719-4664
Director, Network Engineering, MindSpring Ent., Inc.  email@example.com
AOL Instant Messenger: Brandon NR  ICQ: 2269442

Stop Smurf attacks! Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
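
Added example, not part of the original message: a small config audit that lists interfaces still forwarding directed broadcasts and notes any RFC 1918 secondary subnet sharing the wire, which is the situation described above where replies outnumber the public prefix. The sample config is constructed, the function name audit is hypothetical, and the script assumes directed broadcasts are forwarded unless "no ip directed-broadcast" appears on the interface.

```python
import ipaddress
import re

# Constructed sample config (not from the original post); the public
# addresses are documentation ranges chosen for illustration.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0 secondary
 ip address 192.0.2.1 255.255.255.0
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)( secondary)?\s*$")

def audit(config):
    """Return one finding per interface that still forwards directed broadcasts."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {"nets": [], "blocked": False})
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None:
            m = ADDR_RE.match(line)
            if m:
                current["nets"].append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
            elif line.strip() == "no ip directed-broadcast":
                current["blocked"] = True
    findings = []
    for name, info in interfaces.items():
        if info["blocked"] or not info["nets"]:
            continue
        private = [n for n in info["nets"] if any(n.subnet_of(r) for r in RFC1918)]
        public = [n for n in info["nets"] if n not in private]
        findings.append({
            "interface": name,
            "broadcasts": [str(n.broadcast_address) for n in public],
            # Hosts numbered from these subnets sit on the same LAN and also
            # answer the all-ones MAC frame, so replies exceed the public prefix.
            "extra_responders": [str(n) for n in private],
        })
    return findings
```
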