Quoting fooler ([EMAIL PROTECTED]):

> yes it is basically harmless in the sense that modern hosts are already
> aware and protect themselves from this kind of attack... unfortunately, if
> your network is sitting on a big pipe, the rapid speed of incoming illegal
> packets destined to your network broadcast address will surely affect the
> performance and speed not only to your hosts but also to your switch and
> network bandwidth on that network segment...

[snip]

Unfortunately^2, the number of possible distinct types of illegal packets is vast. From that perspective, attempting to block them all leads to excessive complexity and the likelihood of harmful ruleset errors, whereas attempting to block only a few of them doesn't buy you much.

But certainly stopping broadcast ping, etc., is worthwhile -- if you still _have_ routers/hosts vulnerable to smurf attacks, and so on. I thought everyone set _defaults_ to drop those, some time last decade.

(Related note: Stopping traffic-flooding DoS/DDoS attacks via IP filtering doesn't work in the general case. Too many different attack vectors and sources.)

-- 
Cheers,                 The shortest distance between two puns is a straightline.
Rick Moen
[EMAIL PROTECTED]

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
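
An added example, not part of the original thread: a small detector that flags ICMP echo requests addressed to a broadcast address of a local segment, the one narrow class of "illegal packet" both posters agree is worth dropping. The networks, packet records and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8

# Constructed sample data: local segments and (src, dst, proto, icmp_type) records.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.64/26")]
SAMPLE_PACKETS = [
    ("203.0.113.7", "192.0.2.255", "icmp", 8),      # directed broadcast of the /24
    ("203.0.113.7", "192.0.2.10", "icmp", 8),       # ordinary ping to one host
    ("203.0.113.9", "198.51.100.127", "icmp", 8),   # directed broadcast of the /26
    ("203.0.113.9", "198.51.100.255", "icmp", 8),   # not a broadcast of any local net
    ("192.0.2.10", "192.0.2.255", "udp", None),     # broadcast, but not an ICMP echo
    ("203.0.113.7", "255.255.255.255", "icmp", 8),  # limited broadcast
    ("203.0.113.7", "192.0.2.0", "icmp", 8),        # all-zeros (old-style) broadcast
]

def broadcast_targets(nets):
    """Every address that hosts on the given segments may treat as broadcast."""
    targets = {ipaddress.ip_address("255.255.255.255")}
    for net in nets:
        if net.prefixlen < 31:  # /31 and /32 have no broadcast address
            targets.add(net.broadcast_address)
            targets.add(net.network_address)
    return targets

def flag_packets(packets, nets):
    """Return the records that are ICMP echo requests sent to a broadcast address."""
    targets = broadcast_targets(nets)
    return [p for p in packets
            if p[2] == "icmp" and p[3] == ICMP_ECHO_REQUEST
            and ipaddress.ip_address(p[1]) in targets]

def claimed_sources(flagged):
    """Count flagged packets per claimed source. In a smurf attack the source
    is forged, so the top entry is the intended victim, not the sender."""
    return Counter(p[0] for p in flagged)

if __name__ == "__main__":
    hits = flag_packets(SAMPLE_PACKETS, LOCAL_NETS)
    for src, dst, _, _ in hits:
        print(f"broadcast echo request: {src} -> {dst}")
    print(claimed_sources(hits).most_common())
```

The rule needs the exact prefix length of each segment: 198.51.100.255 is not flagged because it is not the broadcast address of the /26.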
