RE: ICMP/SYN Flood

From: David Gillett (gillettdavidat_private)
Date: Thu May 22 2003 - 14:47:23 PDT

    > -----Original Message-----
    > From: Muhammad Naseer Bhatti [mailto:mail-listsat_private]
    > 
    > And the list goes on .. The question I want to ask here, is the
    > network/router poorly configured at my NOC which is allowing
    > broadcasts/networks to pass through it? If so, how can I 
    > assist them to fix
    > it? I am not a Cisco guru, so might need someone to give me 
    > some hints so
    > that I can pass that to the poor NOC techs.
    
      Briefly, NO.  (I'm going to suggest a possibility further
    down this message, but I wouldn't characterise its current
    behaviour as "poorly configured" -- it's pretty normal.)
    
      The definitions of broadcast and network addresses depend upon
    where the split is between the network and host portions of the
    address, which is pretty much private to the source network.
      (You can often make an educated guess by looking at routing 
    tables from one hop away.  Beyond that, you don't really know.)
    
      MOST net blocks these days are smaller than a Class B, so
    addresses in which the last two octets are ".0.0" are *likely*
    to be network addresses.
      Your NOC guys *could* block those in an access list by 
    wildcarding the first two octets (e.g., wildcard mask =
    255.255.0.0).  The risk that this would block any legitimate
    user is very tiny.
      It won't block all of your attackers, but it looks from your
    list like it might be enough to make a difference.
    
    David Gillett
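The access-list idea in David's reply, as an added illustration that is not part of the original thread: Cisco-style wildcard masks treat a 1 bit as "don't care", so an entry with address 0.0.0.0 and wildcard 255.255.0.0 matches any source whose last two octets are .0.0. The sample source addresses below are constructed for the example, not taken from the poster's log.

```python
import ipaddress

# Hypothetical ACL entry modelled on the advice above (an assumption, not the
# poster's actual configuration): the IOS extended-ACL form would be roughly
#     access-list 101 deny ip 0.0.0.0 255.255.0.0 any
# i.e. first two octets are "don't care", last two octets must be 0.0.
ACL_ADDRESS = "0.0.0.0"
ACL_WILDCARD = "255.255.0.0"


def wildcard_match(ip: str, address: str, wildcard: str) -> bool:
    """True if `ip` matches `address` under Cisco wildcard-mask semantics.

    A 1 bit in the wildcard means "ignore this bit"; a 0 bit means "must match".
    """
    ip_i = int(ipaddress.IPv4Address(ip))
    addr_i = int(ipaddress.IPv4Address(address))
    wc_i = int(ipaddress.IPv4Address(wildcard))
    care = 0xFFFFFFFF ^ wc_i          # bits that have to match exactly
    return (ip_i & care) == (addr_i & care)


def classify_sources(sources):
    """Split candidate source addresses into (denied, permitted) under the x.y.0.0 rule."""
    denied = [s for s in sources if wildcard_match(s, ACL_ADDRESS, ACL_WILDCARD)]
    permitted = [s for s in sources if s not in denied]
    return denied, permitted


# Constructed sample of flood source addresses (documentation ranges, not real hosts).
SAMPLE_SOURCES = [
    "203.0.113.0",   # only the last octet is .0 -> not matched by this rule
    "198.51.0.0",    # last two octets are .0.0 -> denied
    "192.0.2.7",     # ordinary host address -> permitted
    "10.20.0.0",     # last two octets are .0.0 -> denied
    "172.16.0.1",    # ordinary host address -> permitted
]

if __name__ == "__main__":
    denied, permitted = classify_sources(SAMPLE_SOURCES)
    print("denied:   ", denied)
    print("permitted:", permitted)
```

As the reply notes, this is a heuristic: it only catches sources that look like network addresses of blocks larger than a /16, so it trims the list rather than stopping every spoofed source.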
    
    This archive was generated by hypermail 2b30 : Fri May 23 2003 - 10:11:25 PDT