North American Network Operators Group

Re: identify hostname

  • From: Roeland M.J. Meyer
  • Date: Thu Dec 03 03:50:58 1998

At 12:29 PM 12/1/98 -0700, Pete Kruckenberg wrote:
>On Tue, 1 Dec 1998, Alex P. Rudnev wrote:
>
>> > > UUnet uses ascend TNT's which they claim you can't filter 
>> > > directed-broadcast on. I've ranted at them since October 20 to get this
>> > > serious security hole closed.
>> If they can't turn this off on ascend access server, they anyway can 
>> filter out broadcast addresses in their border routers (CISCO's) 
>> forwarding traffic to these access servers. The result is (almost) the 
>> same.
>
>Filtering broadcast addresses is pretty ugly. Consider that a single Class
>C broken down into /30's can have 64 broadcast addresses. Maybe if it was
>just filtering your own assigned subnets, it would be possible, but this
>also applies to customer-subnetted broadcast addresses, so you'd have to
>coordinate your filter with every one of your customers, every time they
>change subnets. Not impossible, but pretty close.

IFF they *only* sub-net into /30's and do not have irregular sub-nets below
that.
The best I can think of is to just cover your own subnets and let your
down-stream worry about theirs. Otherwise, it's not doable, like you said.
___________________________________________________ 
Roeland M.J. Meyer, ISOC (InterNIC RM993) 
e-mail: rmeyer@mhsc.com
Internet phone: hawk.mhsc.com
Personal web pages: staff.mhsc.com/~rmeyer <http://www.mhsc.com/~rmeyer>
Company web-site: www.mhsc.com <http://www.mhsc.com/>
___________________________________________________ 
Who is John Galt?
"Atlas Shrugged" - Ayn Rand
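
An added example, not part of the original message: the Python sketch below derives the directed-broadcast addresses a border filter would have to list for a given subnet plan, and shows how the list goes stale when a downstream re-subnets. The 192.0.2.0/24 block, both subnet plans, and the function names are constructed for illustration.

```python
import ipaddress

def directed_broadcasts(subnets):
    """Sorted directed-broadcast addresses for a list of subnets (CIDR strings)."""
    found = set()
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen >= 31:
            continue  # /31 and /32 have no separate broadcast address
        found.add(net.broadcast_address)
    return sorted(found)

def uniform_plan(block, new_prefix):
    """Split a block into equal-size subnets, e.g. a /24 into /30s."""
    return [str(n) for n in ipaddress.ip_network(block).subnets(new_prefix=new_prefix)]

def filter_drift(filter_addrs, current_subnets):
    """Compare an existing filter list with the current subnet plan.

    Returns (over_blocked, missing): entries that are ordinary host addresses
    under the current plan, and broadcasts the filter does not cover.
    """
    current = set(directed_broadcasts(current_subnets))
    listed = set(filter_addrs)
    return sorted(listed - current), sorted(current - listed)

# Constructed sample data (documentation address range).
BLOCK = "192.0.2.0/24"
PLAN_30 = uniform_plan(BLOCK, 30)
PLAN_MIXED = [  # an irregular, variable-length plan covering the same /24
    "192.0.2.0/25", "192.0.2.128/26", "192.0.2.192/27", "192.0.2.224/28",
    "192.0.2.240/29", "192.0.2.248/30", "192.0.2.252/30",
]

if __name__ == "__main__":
    print(len(directed_broadcasts(PLAN_30)), "broadcasts when the /24 is all /30s")
    print([str(a) for a in directed_broadcasts(PLAN_MIXED)])
    # Filter built for the mixed plan, then the customer moves to /30s:
    over, missing = filter_drift(directed_broadcasts(PLAN_MIXED), PLAN_30)
    print(len(missing), "broadcast addresses no longer covered")
    # Filter built for /30s, then the customer moves to the mixed plan:
    over, missing = filter_drift(directed_broadcasts(PLAN_30), PLAN_MIXED)
    print(len(over), "host addresses now wrongly filtered")
```
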