[ipv6hackers] RA guard evasion

Andrew Yourtchenko ayourtch at gmail.com
Tue May 14 18:07:56 CEST 2013


On Tue, May 14, 2013 at 5:43 PM, Gert Doering <gert at space.net> wrote:

> Hi,
>
> On Tue, May 14, 2013 at 10:55:30AM +0000, Eric Vyncke (evyncke) wrote:
> > I would even go further and, when undetermined-transport is not
> > available, then dropping all fragments could be the last resort
> > (and then I am afraid that you may drop some legit traffic -- yet
> > to be seen though as MSS rules nowadays).
>
> MSS helps TCP, but not UDP.  And there are large UDP packets, think EDNS0.
>
> (Whether this will ever work reliably in the face of interesting challenges
> handling fragmented IPv6 packets is a different question, but "just drop
> all fragments" is the wrong answer)
>
>
Would qualifying it as "drop all fragments with link-local source" make it
look a bit better?

Also, EDNS0 on the stub segments is traffic that is quite well defined
and could be explicitly permitted? (Let's leave aside the complexities it
adds, for a moment.)

--a



> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
>
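The rule proposed in this message ("drop all fragments with link-local source"), sketched as an added example that is not part of the original post; `verdict`, `has_fragment_header` and `build` are hypothetical names and all packets are constructed. The decision needs only the source address and the extension header chain, so it does not depend on seeing the upper-layer header, which a fragment may not carry.

```python
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
FRAGMENT = 44
SKIPPABLE = {0, 43, 60}  # hop-by-hop, routing, destination options


def has_fragment_header(packet: bytes) -> bool:
    """Walk the extension header chain; True if a Fragment header is present."""
    next_header, offset = packet[6], 40
    while next_header != FRAGMENT:
        if next_header not in SKIPPABLE or offset + 2 > len(packet):
            return False  # reached upper layer, unknown header, or truncation
        next_header, hdr_len = packet[offset], packet[offset + 1]
        offset += (hdr_len + 1) * 8
    return True


def verdict(packet: bytes) -> str:
    """Proposed policy: drop any fragment whose source is link-local."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"  # assumption: unparseable input is dropped
    src = ipaddress.IPv6Address(packet[8:24])
    if src in LINK_LOCAL and has_fragment_header(packet):
        return "drop"
    return "permit"  # everything else is left to RA guard or other rules


def build(src: str, dst: str, chain: list) -> bytes:
    """Constructed test packet; chain lists header numbers, upper layer last."""
    body = b""
    for this, nxt in zip(chain, chain[1:]):
        if this == FRAGMENT:
            body += struct.pack("!BBHI", nxt, 0, 1, 0x1234)  # offset 0, M=1
        else:
            body += bytes([nxt, 0, 1, 4, 0, 0, 0, 0])  # 8 octets, PadN filler
    body += b"\x00" * 8  # constructed upper-layer bytes
    fixed = struct.pack("!IHBB", 0x60000000, len(body), chain[0], 255)
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return fixed + addrs + body


if __name__ == "__main__":
    print(verdict(build("fe80::1", "ff02::1", [44, 58])))            # fragmented ICMPv6
    print(verdict(build("fe80::1", "ff02::1", [60, 44, 58])))        # behind dest. options
    print(verdict(build("fe80::1", "ff02::1", [58])))                # unfragmented
    print(verdict(build("2001:db8::53", "2001:db8::100", [44, 17]))) # large UDP reply
```

A fragmented UDP packet from a global source, such as a large EDNS0 response, passes this rule untouched, which is the distinction from "just drop all fragments".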


