[ipv6hackers] RA guard evasion
gert at space.net
Tue May 14 17:43:54 CEST 2013
On Tue, May 14, 2013 at 10:55:30AM +0000, Eric Vyncke (evyncke) wrote:
> I would even go further and, when undetermined-transport is not
> available, then dropping all fragments could be the last resort
> (and then I am afraid that you may drop some legit traffic -- yet
> to be seen though as MSS rules nowadays).
MSS helps TCP, but not UDP. And there is large UDP packets, think EDNS0.
(Whether this will ever work reliably in the face of interesting challenges
handling fragmented IPv6 packets is a different question, but "just drop
all fragments" is the wrong answer)
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the Ipv6hackers