[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [RRG] Re: Six/One Router revised 2008-07-12 - IPsec
Robin,
>Hosts should be very fussy about accepting ICMPv6 Error Messages, to
>protect against an off-path attacker guessing the values of packets
>recently sent and thereby successfully launching a DoS by sending
>spoofed ICMPv6 Error Message packets to the sending host.
Said another way, an approach in which hosts within
a site rely on PMTU messaging from anonymous routers
outside of the site is fragile at best and susceptible
to spoofing attacks. (The same is not true when hosts
only need to rely on PMTU messaging from trusted
routers within the site.)
Fred
fred.l.templin@boeing.com
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg