On Thu, 10 May 2007, Jeroen Massar wrote:
As such, when you are a transit provider, and you have on the edges of
your network some vulnerable hosts, those hosts can be used to apply
this attack to your network.
The documentation should thus specify that, where possible, RH0 should
be filtered at customer borders.
Well, IMHO that's a bit unnecessary.
If you see packet ping-pong on the Internet, it's an indication that
ingress and egress filters haven't been adequately set up. Adding
those will stop your network's bandwidth being wasted.
Maybe this RH0 vulnerability will turn out for the good after all if
it means better BCP38/84 deployment :-)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
