Hi,
Le 13 juin 07 à 19:53, Rémi Denis-Courmont a écrit :
> Le mercredi 13 juin 2007, Thomas Narten a écrit :
>> To be clear, if even a small fraction of firewalls get deployed that
>> just block all traffic with a RH, MIPv6 breaks and becomes
>> undeployable in practice. For EVERYONE!
>
> The ans
Hello,
Le 8 juin 07 à 04:40, Joe Abley a écrit :
> My understanding of the CanSecWest authors' thinking with respect to
> this particular technique is that the number of (A, B) waypoints in
> the RH0 header would be varied such that for every one packet that
> entered the A-B cyclotron, you could
Hi,
Le 7 juin 07 à 01:31, Tony Hain a écrit :
> There is no 'amplification', so the abstract is just wrong.
No, you are wrong. At least, read that :
http://www1.ietf.org/mail-archive/web/ipv6/current/msg07331.html
> The best this can do is route a single stream around policy;
Again, wrong.
> a
Hi again,
Le 4 juin 07 à 18:34, Vishwas Manral a écrit :
> You nearly got it right. Only small thing however is such packets will
> be rate limited to the CPU (software), so we will drop all packets not
> conforming to the rate limiting.
The packets you want to rate limit are the one addressed t
Hi Vishwas,
Le 4 juin 07 à 04:20, Vishwas Manral a écrit :
> The idea is that for every router the packet goes through, we need to
> check the IP address of all the interface addresses, and make sure
> that the none of the interface address either before or after in the
> source routing header ma
Hello,
Le 29 mai 07 à 17:08, JINMEI Tatuya / 神明達哉 a écrit :
> At Mon, 28 May 2007 17:03:47 -0400,
> Joe Abley <[EMAIL PROTECTED]> wrote:
>
>> I have made some edits. Note that I am hoping to reach consensus on
>> the changes to -00 which will produce -01 so that once -01 is
>> submitted, it is re
Hi,
Le 14 mai 07 à 22:12, Brian Haberman a écrit :
> Please make any issues/problems you may have with this approach
> known to either the mailing list or the chairs directly.
The following point is being discussed off-list and there is
certainly interest in having a clear statement on th
Oy,
Le 13 mai 07 à 18:10, Iljitsch van Beijnum a écrit :
> On 8-mei-2007, at 21:00, Tim Enos wrote:
>
>> I would also prefer that RH0 be silently dropped but could live
>> with an ICMPv6 error message being sent back to the sending host
>
> Why is everyone so in love with silently dropping?
> Thi
Le 11 mai 07 à 23:18, David Malone a écrit :
> On Fri, May 11, 2007 at 02:16:41PM +0200, Guillaume Valadon /
> wrote:
>> Except some custom-made traceroute6 and KAME's implementation, I am
>> not aware of such usage of RH0. What I mean here, is that deprecating
>
>> RH0
Le 11 mai 07 à 07:52, David Malone a écrit :
> On Fri, May 11, 2007 at 11:16:49AM +0900, JINMEI Tatuya / [EMAIL
> PROTECTED]@C#:H
> wrote:
>> I believe we should rather return an ICMPv6 error. Even if we decide
>> to deprecate type0 RH, there will be many non-updated systems for a
>> certain pe
Le 11 mai 07 à 04:24, JINMEI Tatuya / 神明達哉 a écrit :
> Are you suggesting the following part should apply regardless of the
> type of routing header?
>
> In particular, the value of the Segments Left field
> MUST not be considered.
>
> If so, I don't think the current rh0 draft could be inter
Oy,
Le 10 mai 07 à 16:49, Pekka Savola a écrit :
> On Thu, 10 May 2007, Jeroen Massar wrote:
>> As such, when you are a transit provider, and you have on the
>> edges of
>> your network some vulnerable hosts, those hosts can be used to apply
>> this attack to your network.
>>
>> The documentati
Le 10 mai 07 à 15:50, Brian Haberman a écrit :
> What happens if the packet is encrypted?
If you mean ESP-encrypted, ESP is "viewed as an end-to-end payload and
thus should appear after hop-by-hop, routing, and fragmentation
extension
headers". -- quoted from RFC 2406. Note that it is just a "
Oy,
Le 10 mai 07 à 09:00, Pekka Savola a écrit :
> In order to kickstart some discussion, here are two comments:
Good idea.
> 3. Implementation
>
>Compliant IPv6 hosts and routers MUST NOT transmit IPv6 datagrams
>containing RH0.
>
> ==> does 'transmit' include both 'originate' and 'fo
Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit :
> Actually I like this solution.
>
> Now, not to beat a dead horse more, but when can a draft be set up to
> talk about this?
I would already have pushed a submission but I'm not familiar with
the associated IETF process. I suspect it will
Le 30 avr. 07 à 14:28, Pars Mutaf a écrit :
>>> - how many hops you can make w/ a packet sized 1280?
>
> Maybe I'm missing something, but the attacker wouldn't
> rather send millions of *very small* packets (to keep the
> routers busy) instead sending elephants??
This morning, just to test it o
Hi *,
Le 30 avr. 07 à 09:43, Pekka Savola a écrit :
> Some IPv4 perspective:
> --
>
> IPv4 specifications (RFC 1812) require source routing to be enabled on
> routers by default (a MUST). IPv4 hosts MAY process routing headers
> (RFC 1122) and there are some specifications wh
Hi Alun, Hi *,
Le 27 avr. 07 à 11:04, Alun Evans a écrit :
>> I would be interested in a list of cases FOR the Type 0 Routing
>> Header. If there are no good cases for it, it seems to me that
>> removing it is the best thing to do.
>
> I quite like traceroute for the return path.
>
> Which would
Hi *,
Le 26 avr. 07 à 02:39, Bob Hinden a écrit :
> [trimming this to just the IPv6 w.g.]
>
> We think the question for the IPv6 working group on this topic is
> does the working group want to do anything to address the issues
> raised about the Type 0 routing header. Possible actions include:
>
Le 7 sept. 05 à 13:17, Brian Haberman a écrit :
>
> On Sep 7, 2005, at 2:38, Ebalard, Arnaud wrote:
>
>
>>
>> Le 7 sept. 05 à 02:22, Bob Hinden a écrit :
>>
>> Bob,
>>
>>
>>> Section 2.4 defines the prefix (i.e., FE80::/10) that identifies
Le 7 sept. 05 à 02:22, Bob Hinden a écrit :
Bob,
> Section 2.4 defines the prefix (i.e., FE80::/10) that identifies
> the address as link-local addresses type and Section 2.5.6 defines
> the exact format (i.e., prefix, zeros, IID) of Link-Local addresses.
Yes, that's exactly the point! Sec
21 matches
Mail list logo