nanog mailing list archives

Re: Smallest Transit MTU


From: Robert E.Seastrom <rs () seastrom com>
Date: Fri, 31 Dec 2004 01:51:01 -0500



John Kristoff <jtk () northwestern edu> writes:

I think you may be fearful that the use of reserved bits introduces
a new security risk, because of something a system may do in response
to the use of those new fields.  That is a very legitimate concern
and a very real potential risk.  I guess in my view of the world, in
practical terms, we're not likely to see an experimental protocol
start getting widely deployed and then suddenly discover that we have
a major security threat on our hands that we cannot easily fix before
it brings the net to a complete halt.  At least not since the
publication of RFC 793.  :-)

You must not remember how SunOS 4 responded when handed icmp echo
requests with the record-route option set (passed the packet on for
the next guy to enjoy and then promptly panicked).

A deny-all-permit-some firewall that passes through IP options which
are not explicitly needed for the operation of some specific end-node
would qualify for the "unclear on the concept" award.

                                        ---Rob
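
The default-deny treatment of IP options argued for in the message above, as an added example that is not part of the original post. The allowlist, function names and sample packets are assumptions constructed for illustration, and the header checksum is left at zero and not validated.

```python
import struct

# Assumption: options this hypothetical site explicitly needs; empty means none.
ALLOWED_OPTIONS = frozenset()

def build_header(options=b""):
    """Constructed sample: IPv4 header (protocol 1, ICMP) between 192.0.2.1 and 192.0.2.2."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options

def ip_options(packet):
    """Return the option type bytes in an IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("short packet")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad IPv4 header")
    opts = packet[20:ihl * 4]
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                 # End of Option List
            break
        if kind == 1:                                 # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found.append(kind)
        i += length
    return found

def verdict(packet, allowed=ALLOWED_OPTIONS):
    """Deny-all-permit-some: pass only if every option present is explicitly allowed."""
    try:
        kinds = ip_options(packet)
    except ValueError:
        return "drop"                                 # malformed headers fail closed
    return "pass" if all(k in allowed for k in kinds) else "drop"

RECORD_ROUTE = b"\x07\x07\x04" + b"\x00" * 4          # type 7, one empty address slot
ROUTER_ALERT = b"\x94\x04\x00\x00"                    # type 148, value 0

if __name__ == "__main__":
    print(verdict(build_header(RECORD_ROUTE)))
```
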

