Re: I-D ACTION:draft-ietf-v6ops-icmpv6-filtering-bcp-00.txt
At 09:32 a.m. 19/10/2005, Elwyn Davies wrote:
This new wg draft was published this week. It is a substantial rewrite of
the individual draft which Janos and I published in July.
It now covers all the messages that are currently defined for ICMPv6 and
is written in a format which should make it easier for administrators to
create firewall rules from it.
Comments would be appreciated.
A couple of issues that seem to be missing:
* There's no mention of ICMP attacks against TCP. I have authored a draft
on this issue, along with counter-measures. You can find my internet-draft
at http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-04.txt.
You should probably mention the attacks, and provide a reference to my
draft for further discussion.
* There's no mention of ingress and egress ICMP-filtering based on the
payload of ICMP messages. You can find a description of such "advanced"
filtering in Section 4.3 ("Filtering ICMP error messages based on the ICMP
payload") of my internet-draft "ICMP attacks against TCP", too.
Kindest regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
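
The following is an added example, not part of the original message and not taken from either draft. It sketches one form of payload-based ingress/egress filtering for ICMPv6 error messages, under the assumption that the check compares the addresses of the packet embedded in the error against the protected prefix. The prefix, function names and sample packets are all constructed for illustration.

```python
import ipaddress
import struct

# Assumed site prefix (taken from the IPv6 documentation range).
PROTECTED = ipaddress.IPv6Network("2001:db8:1::/48")

def invoking_addrs(icmp6: bytes):
    """Return (src, dst) of the packet embedded in an ICMPv6 error, else None."""
    # 8-byte ICMPv6 header (type, code, checksum, 4 type-specific bytes),
    # then the invoking packet; its 40-byte IPv6 header must be present.
    if len(icmp6) < 48 or icmp6[8] >> 4 != 6:
        return None
    inner = icmp6[8:48]
    return ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40])

def verdict(icmp6: bytes, direction: str, protected=PROTECTED) -> str:
    """direction is 'in' (arriving from outside) or 'out' (leaving the site)."""
    if len(icmp6) < 8:
        return "drop"   # too short to be an ICMPv6 message
    if icmp6[0] >= 128:
        return "n/a"    # informational message: this check covers errors only
    addrs = invoking_addrs(icmp6)
    if addrs is None:
        return "drop"   # error without a parseable invoking IPv6 header
    src, dst = addrs
    # Inbound error: answers a packet one of our hosts sent, so the
    # embedded source must be ours. Outbound error: answers a packet
    # sent to one of our hosts, so the embedded destination must be ours.
    ours = src if direction == "in" else dst
    return "pass" if ours in protected else "drop"

def make_error(src: str, dst: str, icmp_type: int = 1) -> bytes:
    """Constructed sample: ICMPv6 message (checksum left at 0) carrying
    an IPv6 header plus 20 zero bytes standing in for a TCP header."""
    inner = struct.pack("!IHBB", 0x60000000, 20, 6, 64)
    inner += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!BBHI", icmp_type, 0, 0, 0) + inner + bytes(20)

if __name__ == "__main__":
    inside, outside = "2001:db8:1::10", "2001:db8:ffff::1"
    for label, pkt, direction in [
        ("inbound, embedded src inside", make_error(inside, outside), "in"),
        ("inbound, embedded src outside", make_error(outside, inside), "in"),
        ("outbound, embedded dst inside", make_error(outside, inside), "out"),
    ]:
        print(label, "->", verdict(pkt, direction))
```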