> I think it may actually be that we do not want nodes to process
> type 0 routing headers by default, but the network should pass them.
> The reason for this is that the type 0 headers have useful applications
> which could be secured by end hosts without getting the network
> involved at all. Then end hosts that want to use the routing header
> can, and those that don't are secure by default.

Then how would one deal with the "flux capacitor" attacks as described
at CanSecWest?  Eventually the bot herders will figure out how to use
this and flatten a few networks with little effort.

Also, combining a ping-pong style RH0 attack with TCP handshake
amplification (or any other reflected amplification attacks that reverse
the source routing headers on reply and double or triple the number of
packets) gives you an even bigger amplification, which could target the
upstream routers of a victim network.  This would probably work even
better than smurf attacks did "back in the day" when one could still use
them.

Loose source routing is just a bad idea.  Yeah, great for testing, but
should be off by default on everything.  This lesson was learned long
ago; why are we repeating the same mistakes?

That's my $0.02.
(Take it with a grain of salt, since I'm no networking expert.)

cheers,
tim

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
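
A receive-side check for the traffic this message is concerned about, as an added example that is not part of the original post: it walks an IPv6 packet's extension headers (RFC 2460 layout) and reports any type 0 routing header along with how many listed hop addresses repeat, which is what a ping-pong path looks like on the wire. The function names and the 2001:db8:: sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Extension headers sharing the (Next Header, Hdr Ext Len) layout in RFC 2460.
HOP_BY_HOP, ROUTING, DEST_OPTS = 0, 43, 60

def find_rh0(packet: bytes):
    """Return a summary of the type 0 routing header in a raw IPv6 packet, or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        size = (ext_len + 1) * 8  # Hdr Ext Len excludes the first 8 octets
        if offset + size > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING and packet[offset + 2] == 0:
            if ext_len % 2:
                raise ValueError("malformed RH0: address list is not a multiple of 16 octets")
            body = packet[offset + 8:offset + size]
            hops = [ipaddress.IPv6Address(body[i:i + 16]) for i in range(0, len(body), 16)]
            return {"segments_left": packet[offset + 3], "hops": hops,
                    "repeated_hops": len(hops) - len(set(hops))}
        next_header, offset = following, offset + size
    return None

def build_sample(hops, next_header=ROUTING):
    """Constructed input: IPv6 header plus, by default, an RH0 listing `hops`."""
    addrs = b"".join(ipaddress.IPv6Address(h).packed for h in hops)
    rh0 = struct.pack("!BBBBI", 59, 2 * len(hops), 0, len(hops), 0) + addrs
    ext = rh0 if next_header == ROUTING else b""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8:a::1").packed
    return struct.pack("!IHBB", 6 << 28, len(ext), next_header, 64) + src + dst + ext

if __name__ == "__main__":
    # Constructed sample: a path alternating between two documentation addresses.
    pkt = build_sample(["2001:db8:a::1", "2001:db8:b::1"] * 2)
    print(find_rh0(pkt))
```

A filter or IDS rule built on this would drop or alert on any non-None result, and treat a nonzero `repeated_hops` as the stronger signal.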