North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: identify hostname

  • From: Roeland M.J. Meyer
  • Date: Thu Dec 03 03:50:58 1998

At 12:29 PM 12/1/98 -0700, Pete Kruckenberg wrote:
>On Tue, 1 Dec 1998, Alex P. Rudnev wrote:
>> > > UUnet uses ascend TNT's which they claim you cant filter 
>> > > directed-broadcast on. Ive ranted at them since October 20 to get this
>> > > serious security hole closed.
>> If they can't turn this off on ascend access server, they anyway can 
>> filter out broadcast addresses in their border routers (CISCO's) 
>> forwarding traffic to this access servers. The result is (almost) the 
>> same.
>Filtering broadcast addresses is pretty ugly. Consider that a single Class
>C broken down into /30's can have 64 broadcast addresses. Maybe if it was
>just filtering your own assigned subnets, it would be possible, but this
>also applies to customer-subnetted broadcast addresses, so you'd have to
>coordinate your filter with every one of your customers, every time they
>change subnets. Not impossible, but pretty close.

IFF they *only* sub-net into /30's and not have irreguilar sub-nets below
The best I can think of is to just cover your own subnets and let your
down-stream worry about theirs. Otherwise, it's no do-able, like you said.
Roeland M.J. Meyer, ISOC (InterNIC RM993) 
e-mail: <>
Internet phone:
Personal web pages: staff<>
Company web-site: <>
Who is John Galt?
"Atlas Shrugged" - Ayn Rand