[OT-mask]
Gregory D Hough
mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Wed Feb 25 14:38:52 UTC 2004
Thanks Ya'll, I can see I'll need to learn more about CIDR notation.
On 02/24/2004 07:39:22 AM, Madison Kelly wrote:
> As
> for the rest of your question, could I ask for clarity? I seem to be
> having trouble following the first part of your question.
>
> Madison
>
There weren't a first part, merely a cloudy, bereaved intro (see tail).
Ian Goldberg wrote:
> A 255 is a perfectly valid address.
In this case I thought so, but wasn't absolutely sure.
James Knott wrote:
> Perhaps I'm missing something here, but how does your example relate
> to your question?
<QUESTION_PARAPHRASE>
Bad guys often wear masks to hide their true identity. "I believe" the
same is true with badguysonline. So my question is when if ever should
there appear a 255 octet in a host address, and is it wise to do
anything but DROP these?
</QUESTION_PARAPHRASE>
Assuming (as it were) that the example was a broadcast address (which
it weren't), and I were to handle it with some form of REJECT (which I
was hesitant to do myself); what could happen? --Ian explained:
> Right now, pinging this address works fine, and I don't get the
> multiple (DUP!) replies I would expect if it were a broadcast address
> [actually, I'd probably expect no reply at all, since broadcast pings
> are usually firewalled]. So I would bet that that network is a /20 or
> something
Robert Brockway wrote:
> I think what Gregory is asking is could the address listed here be a
> normal host or it is definitely a broadcast address. As per Ian's
> answer, for any network larger than a /24 it is permissible to have
> host addresses with the last byte being 255 [1]. The highest address in
> the subnet will still be a broadcast address of course.
Thanks for the clarification Rob, I wish I had heard your talk on this
subject.
OT banter follows...stop here if'n you have more important things to
do.
"badguysonline" -- I cannot define it any other way. I only know what
I'm seeing directed at my obviously misconfigured network is not nice.
It's not abnormal when one chooses to use the internet, to have one's
machine(s) probed and prodded like average cattle. I accept that as a
WAN fact. As a farmer though, it is my duty to protect my herd, not
only from rustlers but from themselves as well. A wise rancher removes
the potentially dangerous horns from his beasts that they not injure
each other. It is also prudent to have a secure perimeter to keep the
beasts in good pasture as they graze and chew their cud (read browse,
blog and eat cookies). Maybe a little squid in the rudiment would help.
What concerns me are not the random scans and probes for open ports
running common services. I am worried about the coordinated
"enumeration profiling"...for lack of a better term...directed at my
address. I am not referring to any "afterglow" experienced for a short
time after receiving a new dynamically assigned address. I am talking
about specific traffic from a dozen or so creeps or perhaps one creep
using a dozen or so IPs. I assume the creep(s) will not go away
anytime soon, so I'm forced into doing more homework.
This list has been very helpful to me in the last few years, for that
I'm eternally grateful...I'm quite sure with your help and a little
more effort on my part, I can hold the bandannas at bay. The challenge
for me however, is demonstrating in no uncertain terms, the Linux
specific parameters being used to keep any future discussions On-Topic!
Regards,
farmer6re9
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
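
Added example (not part of the original message or of any poster's code): a check of the point made in the thread, that an address ending in .255 is a host on networks larger than a /24 and a broadcast only when every host bit is set. It also covers subnets smaller than a /24, where the broadcast address need not end in 255. The 10.1.x.x addresses and the function names are constructed for illustration.

```python
import ipaddress


def classify(addr: str, prefixlen: int) -> str:
    """Return 'network', 'broadcast' or 'host' for addr within the
    subnet of the given prefix length that contains it."""
    ip = ipaddress.IPv4Address(addr)
    # strict=False masks off the host bits to find the enclosing subnet.
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    if prefixlen >= 31:
        # /31 point-to-point links (RFC 3021) and /32 have no broadcast.
        return "host"
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"


def broadcast_prefixes(addr: str) -> list:
    """Prefix lengths (8..30) under which addr is the directed broadcast."""
    return [p for p in range(8, 31) if classify(addr, p) == "broadcast"]


if __name__ == "__main__":
    # Constructed sample addresses (RFC 1918 space).
    for addr in ("10.1.0.255", "10.1.15.255", "10.1.0.127"):
        hits = broadcast_prefixes(addr)
        print(f"{addr:12} as /20: {classify(addr, 20):9} "
              f"as /24: {classify(addr, 24):9} "
              f"broadcast only for /{hits[0]}../{hits[-1]}")
```

A filter that drops every source ending in .255 therefore discards legitimate hosts on larger networks and still misses broadcasts such as 10.1.0.127 on a /25; the prefix length is what decides.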