nanog mailing list archives
Re: Should routers send redirects by default?
From: "Eric J. Katanich" <ekat () onyxlight net>
Date: Fri, 20 Aug 2010 21:08:17 -0400
On Fri, 20 Aug 2010 18:16:35 EDT, Brandon Ross said:
How does turning off ICMP redirects on the router prevent a rouge PC from sending ICMP redirects to it's neighbors?
If I know for a fact that the network is designed such that I will never ever receive a valid ICMP redirect because there is exactly one route off the network, I can safely turn off "accept ICMP redirects" and be done with it. If I have to allow ICMP in, it becomes a much more interesting iptables/whatever issue. On Fri, 20 Aug 2010 15:34:17 PDT, Owen DeLong said:
This is worse than said PC issuing rogue RAs exactly how?
It's the exact same problem, actually.
Perhaps we should pressure switch vendors to add ICMP Redirect protection to the RA Guard feature they haven't implemented yet?
You mean you aren't already? ;)
Attachment:
ATT61001..txt
Description: ATT61001..txt
Current thread:
- Re: Should routers send redirects by default?, (continued)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Valdis . Kletnieks (Aug 20)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Brandon Ross (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Brandon Ross (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? Valdis . Kletnieks (Aug 20)
- Re: Should routers send redirects by default? Eric J. Katanich (Aug 20)
- Re: Should routers send redirects by default? Butch Evans (Aug 20)
- Re: Should routers send redirects by default? Owen DeLong (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 20)
- Re: Should routers send redirects by default? James Hess (Aug 25)
- Re: Should routers send redirects by default? Butch Evans (Aug 25)
- Re: Should routers send redirects by default? Christopher Morrow (Aug 20)
- Re: Should routers send redirects by default? Yann GAUTERON (Aug 20)
- Re: Should routers send redirects by default? Jared Mauch (Aug 21)
- Re: Should routers send redirects by default? Christopher Morrow (Aug 20)