[ipv6hackers] RA guard evasion

Gert Doering gert at space.net
Tue May 14 17:43:54 CEST 2013


On Tue, May 14, 2013 at 10:55:30AM +0000, Eric Vyncke (evyncke) wrote:
> I would even go further and, when undetermined-transport is not
> available, then dropping all fragments could be the last resort
> (and then I am afraid that you may drop some legit traffic -- yet
> to be seen though as MSS rules nowadays).

MSS helps TCP, but not UDP.  And there is large UDP packets, think EDNS0.

(Whether this will ever work reliably in the face of interesting challenges
handling fragmented IPv6 packets is a different question, but "just drop
all fragments" is the wrong answer)

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the Ipv6hackers mailing list