Re: draft-ietf-v6ops-icmpv6-filtering-recs to informational



Hi,

On Tue, Jun 13, 2006 at 05:29:53PM -0700, Fred Baker wrote:
> As to my comment on the Hop Limit, I did read the document. It  
> states, in several places, that the recommendation is that the Hop  
> Limit be set to 255 and tested for still being 255 on receipt. What I  
> stated was that I would go at it a different way. If the packet is  
> sent with Hop Limit = 1, it cannot pass a compliant router or  
> firewall, so there is no need to test for whether it did or didn't.  
> My way is, I think, more robust - it depends only on the sender, not  
> the sender and the receiver. 

Well, actually I tend to disagree.  If you're concerned about security,
you must assume that the sender will do everything possible to break
things - and that way, he will NOT be well-behaved and send out packets
with a TTL of 1.

Making the TTL=255? check on the receiver makes sure that the packet MUST
come from a directly connected host - no matter how ill the intentions of
the sender.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  92315

SpaceNet AG                    Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14      Tel : +49-89-32356-0
D- 80807 Muenchen              Fax : +49-89-32356-234
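The disagreement above comes down to which party enforces the "on-link only" property. The following model is an added example, not code from the thread or from either author: it builds minimal IPv6/ICMPv6 packets with constructed addresses (fe80::1 to ff02::1), forwards them through a chain of compliant routers that decrement Hop Limit (and discard at zero), and then applies the two receiver policies under discussion, a receiver that insists on Hop Limit == 255 on arrival and a receiver that trusts the sender to have used Hop Limit = 1 and checks nothing. The Neighbor Discovery type range and the "must be 255 on receipt" rule are those of RFC 4861; the single-hop-per-router model and the scenario inputs are assumptions of this example.

```python
"""Receiver-side Hop Limit == 255 check versus sender-side Hop Limit = 1.

IPv6 fixed header (RFC 8200): byte 6 is Next Header, byte 7 is Hop Limit,
the header is 40 bytes long. ICMPv6 is Next Header 58; Neighbor Discovery
message types are 133..137 (RS, RA, NS, NA, Redirect; RFC 4861).
All packets and addresses here are constructed sample data.
"""
import struct

ICMPV6 = 58
ND_TYPES = range(133, 138)
IPV6_HDR_LEN = 40

# Constructed link-local source and all-nodes multicast destination.
SRC_LL = bytes.fromhex("fe800000000000000000000000000001")   # fe80::1
DST_ALL_NODES = bytes.fromhex("ff020000000000000000000000000001")  # ff02::1


def build_nd_packet(hop_limit, src, dst, icmp_type=135):
    """Construct an IPv6 header plus an 8-byte ICMPv6 header (default: NS).

    The ICMPv6 checksum is left as zero; it is irrelevant to the hop-limit
    question this example illustrates.
    """
    ver_tc_flow = struct.pack("!I", 6 << 28)              # version 6, TC/flow 0
    payload_len = 8
    fixed = struct.pack("!HBB", payload_len, ICMPV6, hop_limit)
    icmp = struct.pack("!BBHI", icmp_type, 0, 0, 0)       # type, code, csum, reserved
    return ver_tc_flow + fixed + src + dst + icmp


def hop_limit_of(pkt):
    return pkt[7]


def forward_through_routers(pkt, router_count):
    """Model `router_count` compliant routers: each decrements Hop Limit and
    discards the packet if the result is zero (RFC 8200 section 3)."""
    for _ in range(router_count):
        hl = hop_limit_of(pkt)
        if hl <= 1:
            return None                                   # dropped in transit
        pkt = pkt[:7] + bytes([hl - 1]) + pkt[8:]
    return pkt


def receiver_accepts(pkt, require_hop_limit_255):
    """Return True if the receiver treats `pkt` as a valid on-link ND message.

    With require_hop_limit_255=False the receiver relies entirely on the
    sender having used Hop Limit = 1 (the position quoted in the thread).
    """
    if pkt is None:
        return False
    if pkt[6] != ICMPV6 or pkt[IPV6_HDR_LEN] not in ND_TYPES:
        return False
    if require_hop_limit_255 and hop_limit_of(pkt) != 255:
        return False
    return True


def run_scenarios():
    """Evaluate both policies; each value is (strict_receiver, trusting_receiver)."""
    cases = {
        # Legitimate neighbour on the same link, compliant Hop Limit 255.
        "onlink_legit": (255, 0),
        # Off-link sender who plays by Fred's rule and uses Hop Limit 1:
        # the first router discards it, so neither receiver ever sees it.
        "offlink_polite_hl1": (1, 1),
        # Off-link sender who ignores the rule and sends Hop Limit 255:
        # arrives with 254, one router away.
        "offlink_hostile_hl255": (255, 1),
        # Off-link sender with an ordinary default Hop Limit, several hops away.
        "offlink_hostile_hl64": (64, 3),
    }
    results = {}
    for name, (initial_hl, routers) in cases.items():
        pkt = build_nd_packet(initial_hl, SRC_LL, DST_ALL_NODES)
        arrived = forward_through_routers(pkt, routers)
        results[name] = (receiver_accepts(arrived, True),
                         receiver_accepts(arrived, False))
    return results


if __name__ == "__main__":
    for name, (strict, trusting) in run_scenarios().items():
        print(f"{name:24s} strict={strict!s:5s} trusting={trusting}")
```

Only the first scenario is accepted by the strict receiver; every off-link packet arrives with a Hop Limit below 255 because at least one router has decremented it, regardless of what the sender chose. The trusting receiver rejects the off-link packet only in the case where the sender voluntarily used Hop Limit 1, which is exactly the cooperation a hostile sender will not provide.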