[EMAIL PROTECTED] wrote: > Solaris 9/10 ships with IPv6 processing of the routing header disabled > by default: > > # ndd /dev/ip6 ip6_forward_src_routed > 0 > > > ...and Solaris only implements processing for RHT0. > > Solaris 8 appears to be the only one with it enabled by default.
Although that is a partial step in the right direction, when the machine is used for forwarding packets, it still allows these packets to be forwarded. As such, when forwarding, the host still forward these malicious packets and even though this host on your network is correctly configured, other networks and hosts, which are not active enough in updating their configurations will make your host still be a part of a nice DoS attack as it will forward the malicious packets. Of course, when Transits filter them out these packets will be limited to the networks on the edges, which then usually is their own problem. The current Linux and FreeBSD patches also only _DISABLE_ processing, they still forward these packets on. I am recording all the implementations and how they handle RT0 on: http://www.sixxs.net/faq/connectivity/?faq=filters for updates/changes/comments etc, of course don't hesitate to yell. Greets, Jeroen
signature.asc
Description: OpenPGP digital signature
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------