[LAC-TF] Fwd: Re: [v6ops] DoS attacks (ICMPv6-based) resulting from IPv6 EH drops

Alejandro Acosta alejandroacostaalamo at gmail.com
Thu Aug 21 23:45:00 BRT 2014


Hola Lista,
  Reenvio un mini-extracto de una discusion que esta muy activa en v6ops.
  Algo muy logico de no permitir una respuesta PTB indicando MTU < 1280.
  En lo personal me encanto la frase: "It does seem kind of silly that
we say "you must support MTU >= 1280 to run
 IPv6" and then allow PTB packets with an MTU < 1280"

Saludos,


-------- Mensaje original --------
Asunto: Re: [v6ops] DoS attacks (ICMPv6-based) resulting from IPv6 EH drops
Fecha: Wed, 20 Aug 2014 10:58:51 +1200
De: Brian E Carpenter <brian.e.carpenter at gmail.com>
Organización: University of Auckland
Para: Lorenzo Colitti <lorenzo at google.com>
CC: Fernando Gont <fgont at si6networks.com>, IPv6 Operations
<v6ops at ietf.org>, "opsec at ietf.org" <opsec at ietf.org>, 神明達哉
<jinmei at wide.ad.jp>

On 20/08/2014 10:29, Lorenzo Colitti wrote:
> On Tue, Aug 19, 2014 at 11:10 AM, Fernando Gont <fgont at si6networks.com>
> wrote:
> 
>> I must say that I fail to see the need for generating IPv6 atomic
>> fragments 8packets with a frag header, which are not really fragmented).
>> See e.g. what we wrote in
>> <
>> http://tools.ietf.org/html/draft-gont-6man-deprecate-atomfrag-generation-00
>>> .
> 
> It does seem kind of silly that we say "you must support MTU >= 1280 to run
> IPv6" and then allow PTB packets with an MTU < 1280. Any reason we can't
> simply say that PTB packets < 1280 are invalid?

Because of SIIT, that is equivalent to saying that the minimum IPv4
MTU is now 1260. That might be a discussion worth having, but 576 has
been around for a long time.

   Brian

_______________________________________________
v6ops mailing list
v6ops at ietf.org
https://www.ietf.org/mailman/listinfo/v6ops





More information about the LACTF mailing list