IETF Logo Mail Archive

Re: [v6ops] [6MAN] Re: Limiting the size of the IPv6 header chain (draft-ietf-6man-oversized-header-chain)

Warren Kumari <warren@kumari.net> Tue, 11 June 2013 15:20 UTC

Return-Path: <warren@kumari.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EB2E21F99AB; Tue, 11 Jun 2013 08:20:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7JgwxA88WJwj; Tue, 11 Jun 2013 08:20:25 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E8EA21F965B; Tue, 11 Jun 2013 08:20:25 -0700 (PDT)
Received: from [192.168.0.187] (unknown [64.13.52.115]) by vimes.kumari.net (Postfix) with ESMTPSA id E6C071B401CE; Tue, 11 Jun 2013 11:20:23 -0400 (EDT)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <m2y5agn0bm.wl%randy@psg.com>
Date: Tue, 11 Jun 2013 11:20:22 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <8DACCDCF-FDAF-461C-A833-BF5F3BED20AE@kumari.net>
References: <51B6876A.9020202@si6networks.com> <CAD6AjGRuSShUNWE=Dy_e+Y3sVAro-nwyvD8wYy11wN=MfsTXDg@mail.gmail.com> <51B69AB8.3080502@gmail.com> <CAD6AjGSf3LQjfiT-hmKdoDTGxjEQeVSRwUvRKehx=BpNASX7Ww@mail.gmail.com> <51B69FDB.1090809@gmail.com> <CAD6AjGRCKjY83-mD2EMh7bnENksE5AC5ecG5O7K_4H_7PyYW7w@mail.gmail.com> <9636419F-A126-4775-A6C9-3864F8C22323@puck.nether.net> <1370955414.21828.YahooMailNeo@web2802.biz.mail.ne1.yahoo.com> <m2y5agn0bm.wl%randy@psg.com>
To: Randy Bush <randy@psg.com>
X-Mailer: Apple Mail (2.1503)
Cc: IPv6 Deployment Prevention <ipv6@ietf.org>, IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] [6MAN] Re: Limiting the size of the IPv6 header chain (draft-ietf-6man-oversized-header-chain)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 15:20:30 -0000

On Jun 11, 2013, at 11:17 AM, Randy Bush <randy@psg.com> wrote:

>> 2008?   RH0?   
>> Dudes, have we not moved beyond this?
> 

Nope, and we never will. It is really easy to send an RH0 packet -- if you were an attacker, why wouldn't you at least try it?!

> Jun 10 15:03:54 psg kernel: IPFW2: IPV6 - Unknown Extension Header(64), ext_hd=0
> 
> welcome to the operational internet
> 

Indeed.

W

> randy
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. 
   ---maf

Warren Kumari
warren@kumari.net

v2.23.0 | Report a Bug | By Email