[c-nsp] Loopback IP set to .255 - 6500 responds to ICMP echo-request from wrong interface

Mohamed Touré mohamed.toure at secresys.com
Sun Jan 1 05:16:29 EST 2012


Hi

For "security reasons" (Smurf attacks ...) IP packets with destination of
classfull broadcast may be filtered by your upstream security devices if
any.

Mohamed


On 1 January 2012 10:05, Mikael Abrahamsson <swmike at swm.pp.se> wrote:

> On Sat, 31 Dec 2011, Eric Rosenberry wrote:
>
>  Under that logic, the .254 IP on the other router is also the broadcast
>> address since it is in a /32 subnet as well...
>>
>
> For laughs I tried to use the highest and lowest address of a class B
> network as loopback addresses. Some stuff will not work if you choose the
> highest or lowest address of a classful network, in your case class C.
>
> Either you start logging cases against this so they fix the code, or if
> you value your time, don't use these addresses (.0.0 and .255.255 on
> 128.0.0.0-191.255.255.255 and .0 and .255 of 192.0.0.0-223.255.255.255).
>
> I would imagine the same problem exists with .0.0.0 and .255.255.255 in
> class A space.
>
> --
> Mikael Abrahamsson    email: swmike at swm.pp.se
>
> ______________________________**_________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
> archive at http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
>



-- 
Mohamed Touré
06 38 62 99 07


More information about the cisco-nsp mailing list