Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Headerissues]
Jeroen Massar <jeroen@unfix.org> Sun, 06 May 2007 12:21 UTC
Return-path: <ipv6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HkfkT-0008Hz-Vn; Sun, 06 May 2007 08:21:57 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HkfkS-0008Hu-UJ for ipv6@ietf.org; Sun, 06 May 2007 08:21:56 -0400
Received: from purgatory.unfix.org ([2001:7b8:20d:0:290:27ff:fe24:c19f]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HkfkR-0003DY-BU for ipv6@ietf.org; Sun, 06 May 2007 08:21:56 -0400
Received: from [IPv6:2001:770:100:9e::2] (cl-159.dub-01.ie.sixxs.net [IPv6:2001:770:100:9e::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jeroen) by purgatory.unfix.org (Postfix) with ESMTP id 45504140C2F8; Sun, 6 May 2007 14:21:54 +0200 (CEST)
Message-ID: <463DC866.7010002@spaghetti.zurich.ibm.com>
Date: Sun, 06 May 2007 13:21:58 +0100
From: Jeroen Massar <jeroen@unfix.org>
Organization: Unfix
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Darren.Reed@Sun.COM
References: <463AD6C4.5070407@Sun.COM>
In-Reply-To: <463AD6C4.5070407@Sun.COM>
X-Enigmail-Version: 0.95.0
OpenPGP: id=333E7C23
X-Virus-Scanned: ClamAV 0.90.2/3212/Sun May 6 11:57:02 2007 on purgatory.unfix.org
X-Virus-Status: Clean
X-Spam-Score: -2.8 (--)
X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8
Cc: ipv6@ietf.org
Subject: Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Headerissues]
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2140212263=="
Errors-To: ipv6-bounces@ietf.org
Darren.Reed@Sun.COM wrote: > Solaris 9/10 ships with IPv6 processing of the routing header disabled > by default: > > # ndd /dev/ip6 ip6_forward_src_routed > 0 > > > ...and Solaris only implements processing for RHT0. > > Solaris 8 appears to be the only one with it enabled by default. Although that is a partial step in the right direction, when the machine is used for forwarding packets, it still allows these packets to be forwarded. As such, when forwarding, the host still forward these malicious packets and even though this host on your network is correctly configured, other networks and hosts, which are not active enough in updating their configurations will make your host still be a part of a nice DoS attack as it will forward the malicious packets. Of course, when Transits filter them out these packets will be limited to the networks on the edges, which then usually is their own problem. The current Linux and FreeBSD patches also only _DISABLE_ processing, they still forward these packets on. I am recording all the implementations and how they handle RT0 on: http://www.sixxs.net/faq/connectivity/?faq=filters for updates/changes/comments etc, of course don't hesitate to yell. Greets, Jeroen
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Darren.Reed
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jeroen Massar
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jeroen Massar
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Ebalard, Arnaud
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Iljitsch van Beijnum