nanog mailing list archives
Re: Vyatta as a BRAS
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Wed, 14 Jul 2010 13:43:34 +0000
On Jul 14, 2010, at 8:38 PM, Florian Weimer wrote:
There's also the question of IP options (or extension headers). 8-)
I know that some modern hardware-based routers have the ability to either ignore options, or to drop option packets altogether. I believe the same is now true of IPv6 extension-headere, or soon will be. You're absolutely correct that this is a significant possible attack vector, causing the packets in question to be punted, if there isn't a mechanism available to ignore them or to drop said packets. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
Current thread:
- Re: Vyatta as a BRAS, (continued)
- Re: Vyatta as a BRAS Valdis . Kletnieks (Jul 16)
- Re: Vyatta as a BRAS Joe Greco (Jul 16)
- Re: Vyatta as a BRAS Tony Li (Jul 16)
- Re: Vyatta as a BRAS Joel Jaeggli (Jul 16)
- Re: Vyatta as a BRAS Matthew Kaufman (Jul 13)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 13)
- Re: Vyatta as a BRAS Valdis . Kletnieks (Jul 13)
- Re: Vyatta as a BRAS David Barak (Jul 13)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 13)
- Re: Vyatta as a BRAS Florian Weimer (Jul 14)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 14)
- Re: Vyatta as a BRAS Florian Weimer (Jul 14)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 14)
- Re: Vyatta as a BRAS Jon Lewis (Jul 14)
- Re: Vyatta as a BRAS sthaug (Jul 14)
- Re: Vyatta as a BRAS Joel Jaeggli (Jul 14)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 13)
- Re: Vyatta as a BRAS Florian Weimer (Jul 14)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 14)
- Re: Vyatta as a BRAS Mark Smith (Jul 17)