[ipv6hackers] Operational ICMPv6 Filtering

Simon Perreault simon.perreault at viagenie.ca
Thu May 31 16:06:18 CEST 2012


On 2012-05-31 09:52, daniel.bartram at bt.com wrote:
> Granted, but hackers don't work within what the RFCs say, or on the
> converse can work within exactly what they say to find
> vulnerabilities. If I don't know or need what type 4 does then I will
> block it until a time where I do need it or I find it did in fact
> break something. Why leave it open just because something tells you
> to? I'd expect an even better network engineer to make their own
> rules.

Change "type 4" with "type 2" and the above turns into the usual 
reasoning for breaking PMTUD.

This is why we can't have nice things.

If you don't know why the RFC tells you you MUST NOT block something, 
then you better follow the RFC and not block it.

Simon
-- 
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
STUN/TURN server               --> http://numb.viagenie.ca
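
An added example, not part of the original message: a small audit that walks a filter ruleset and reports which must-not-drop ICMPv6 error messages it would block, run on the "block type 4" policy from the quoted text and on the same policy with type 2 substituted. It assumes "the RFC" is RFC 4890 (section 4.3.1); the rulesets are constructed, and only the simple ip6tables rule shapes shown are modelled.

```python
import re

# Assumption: "the RFC" is RFC 4890; its section 4.3.1 lists these ICMPv6
# messages as ones a transit firewall must not drop.
# type -> (name, codes covered; None means every code)
MUST_NOT_DROP = {
    1: ("Destination Unreachable", None),
    2: ("Packet Too Big", None),       # needed for Path MTU Discovery
    3: ("Time Exceeded", (0,)),
    4: ("Parameter Problem", (1, 2)),
}

# Only rules of these shapes are modelled; anything else is skipped.
LINE = re.compile(
    r"-A (\S+)(?: -p ipv6-icmp(?: -m icmp6 --icmpv6-type (\d+)(?:/(\d+))?)?)?"
    r" -j (ACCEPT|DROP|REJECT)\b")

def verdict(rules, icmp_type, code, chain="FORWARD", policy="DROP"):
    """Return the first-match target for one ICMPv6 type/code."""
    for line in rules:
        m = LINE.match(line.strip())
        if not m or m.group(1) != chain:
            continue
        rtype, rcode, target = m.group(2), m.group(3), m.group(4)
        if rtype is not None and int(rtype) != icmp_type:
            continue
        if rcode is not None and int(rcode) != code:
            continue
        return target
    return policy

def audit(rules, chain="FORWARD", policy="DROP"):
    """List (type, code, name) for must-not-drop messages that are blocked."""
    blocked = []
    for icmp_type, (name, codes) in MUST_NOT_DROP.items():
        for code in codes or (0,):     # probe code 0 when every code counts
            if verdict(rules, icmp_type, code, chain, policy) != "ACCEPT":
                blocked.append((icmp_type, code, name))
    return blocked

# Constructed ruleset in `ip6tables -S` form: the "block type 4 until I need
# it" policy from the quoted message, with everything else ICMPv6 allowed.
BLOCK_TYPE_4 = [
    "-A FORWARD -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j DROP",
    "-A FORWARD -p ipv6-icmp -j ACCEPT",
]
# The same policy with type 2 substituted, which breaks PMTUD.
BLOCK_TYPE_2 = [r.replace("type 4", "type 2") for r in BLOCK_TYPE_4]

if __name__ == "__main__":
    for name, rules in (("type 4", BLOCK_TYPE_4), ("type 2", BLOCK_TYPE_2)):
        print(name, "->", audit(rules))
```
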


