Re: [v6ops] [EXTERNAL] Re: [IPv6] [OPSEC] Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS)

"Manfredi (US), Albert E" <albert.e.manfredi@boeing.com> Thu, 25 May 2023 01:01 UTC

From: "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>
To: Fernando Gont <fgont@si6networks.com>
CC: IPv6 Operations <v6ops@ietf.org>, 6man <ipv6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/S2hgfr7HkH78SvDlGLCldjnq1bc>

-----Original Message-----
From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Fernando Gont

> Given the amount of things that get connected to the Net (smart bulbs, refrigerators, etc.) -- and that will super-likely never receive security updates, you may have to **rely on your own network**.
>
> For instance, I wouldn't have my smart TV "defend itself".

Agreed, "on your own network." From the viewpoint of a household, whatever network defense has to be behind that household's router, for it to be credible, and preferably right in each host. Yeah, some IoT devices may not be updated regularly.

The ISP has to worry about protecting that ISP's own network. Households have to be responsible for protecting their household's network. (And connected TVs do get regular software updates, as a matter of fact.)

No one would trust their online banking transactions on an ISP's network protections, for example.

Bert