
Re: Limits of stealthing



Todd MacDermid <tmacd@synacklabs.net> writes:

> IMO, in an ideal world, all management traffic would take place out
> of band. That includes routing table data, active management, SNMP
> traps out, everything. The box, to an in-bound perspective, would simply
> be a bump in the wire, decrementing TTLs, and silently dropping packets
> if they got to zero. (Well, maybe send something back to home base
> to look for the routing loop).

On the current Internet, the necessity of IP options processing
prevents this.  IP options require far more complex processing, and
most routers can handle packets with IP options only at a very limited
rate.  At least one vendor offers to turn off IP option processing
(forwarding the packets simply as if they weren't there), but it
breaks some protocols (RSVP? IIRC something in the QoS land), and,
more important, existing peering contracts---many of them require that
you honour source routing information.

(Sorry if this is already addressed in the draft, I haven't found the
time to read it carefully yet.)
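As an added illustration of the point above (this is example code written for this page, not anything from the thread's participants or from any router vendor), the following parses the option list of an IPv4 header and classifies what it finds: source-routing options (LSRR/SSRR), which the peering argument is about, and Router Alert (RFC 2113), which is the option RSVP relies on and the likeliest candidate for the "something in QoS land" that breaks when options are ignored. The packets are constructed inline; no real traffic or device is involved. The defender-relevant detail is that a malformed option list raises rather than being forwarded "as if absent", which is where a filter should log and drop.

```python
import struct

# IPv4 option type codes (copy bit | class | number), from RFC 791 / RFC 2113.
OPTION_NAMES = {
    0: "EOOL",      # end of option list
    1: "NOP",       # no operation
    7: "RR",        # record route
    68: "TS",       # timestamp
    131: "LSRR",    # loose source and record route
    137: "SSRR",    # strict source and record route
    148: "RA",      # router alert (RFC 2113, carried by RSVP messages)
}
SOURCE_ROUTING = {131, 137}


def parse_ipv4_options(packet: bytes):
    """Return (ihl_bytes, [(type, data_bytes), ...]) for an IPv4 packet.

    Raises ValueError on a malformed header or option list; that is the
    case a filter must treat as "log and drop", never "forward as if absent".
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    opts = packet[20:ihl]
    parsed = []
    i = 0
    while i < len(opts):
        t = opts[i]
        if t == 0:          # EOOL: the rest of the option area is padding
            parsed.append((0, b""))
            break
        if t == 1:          # NOP: single-byte option, no length field
            parsed.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad option length {length} for type {t}")
        parsed.append((t, bytes(opts[i + 2:i + length])))
        i += length
    return ihl, parsed


def classify(packet: bytes):
    """Summarise the option content of one packet for logging or policy."""
    ihl, opts = parse_ipv4_options(packet)
    return {
        "has_options": ihl > 20,
        "options": [OPTION_NAMES.get(t, f"unknown-{t}") for t, _ in opts],
        "source_routed": any(t in SOURCE_ROUTING for t, _ in opts),
        "router_alert": any(t == 148 for t, _ in opts),
    }


def build_ipv4(options: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Construct a minimal IPv4 header carrying the given option bytes.

    Sample-data helper only: addresses and fields are made up, checksum is 0.
    """
    options = options + b"\x00" * ((-len(options)) % 4)   # pad to 32-bit words
    ihl_words = 5 + len(options) // 4
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, ihl_words * 4,
                      0x1234, 0x4000, 64, 17, 0, src_b, dst_b)
    return hdr + options


# Constructed sample packets: LSRR with two hops, Router Alert, and no options.
SAMPLE_LSRR = build_ipv4(bytes([131, 11, 4]) + bytes([10, 0, 0, 3, 10, 0, 0, 4]))
SAMPLE_RA = build_ipv4(bytes([148, 4, 0, 0]))
SAMPLE_PLAIN = build_ipv4(b"")

if __name__ == "__main__":
    for name, pkt in (("lsrr", SAMPLE_LSRR), ("ra", SAMPLE_RA), ("plain", SAMPLE_PLAIN)):
        print(name, classify(pkt))
```

A bump-in-the-wire device that wants to honour the peering requirement would forward `source_routed` packets to its (slow) options path; one that wants to stay invisible would still have to choose between dropping them and breaking those contracts, which is exactly the tension the message describes.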