nanog mailing list archives
Re: BCP for securing IPv6 Linux end node in AWS
From: Saku Ytti <saku () ytti fi>
Date: Sun, 14 May 2017 17:30:12 +0300
On 14 May 2017 at 16:49, Eric Germann <ekgermann () semperen com> wrote: Hey,
For example, on the IPv4 side, there arguably is no value to timestamp requests and address mask requests externally, so dump them.
It's very dangerous proposal when we start considering everything 0 value which isn't value to ourselves currently. Is ICMP TS known attack vector? It has one particularly useful diagnostic purpose, you can use it to measure unidirectional latencies up-to 1ms accuracy. It has on occasions reduced needed troubleshooting time and reduced amount of people who need to look into the problem. -- ++ytti
Current thread:
- BCP for securing IPv6 Linux end node in AWS Eric Germann (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Alarig Le Lay (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Bjørn Mork (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Eric Germann (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Saku Ytti (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Enno Rey (May 14)
- Re: BCP for securing IPv6 Linux end node in AWS Rich Kulawiec (May 15)
- Re: BCP for securing IPv6 Linux end node in AWS JORDI PALET MARTINEZ (May 15)
- Re: BCP for securing IPv6 Linux end node in AWS Alarig Le Lay (May 14)