Alternatively, a packet filter on boundary router blocking any IP packet destined to *.0 or *.255 would do the trink but you still need "no ip directed-broadcast" to deal with the directed broadcast originating from your internal network.
That can and will break access to hosts that are on /n networks where n!=0 mod 8, for example, 10.0.100.0 and 10.0.0.255 are perfectly valid host addresses in 10.0.0.0/8. -cw P.S. Alas, ot make matters worse, for machines (for example Suns boxes) still repond to *.255 pings even when they are on a (say) /21 network and shouldn't... -- Chris Wedgwood chris.wedgwood(a)clear.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog