nanog mailing list archives
Re: WIndows Updates Fail Via IPv6 - Update!
From: Saku Ytti <saku () ytti fi>
Date: Tue, 5 Mar 2019 14:35:13 +0200
Hey Rich,
I've pointed folks at this for years: ICMP Packet Filtering v1.2 http://www.cymru.com/Documents/icmp-messages.html
To me this seems anti-pattern. It seems it was written on basis of 'what we know we allow, what we don't know we deny'. With assumption that ICMP dangerous. Similarly we break IP extensibility by not allowing IP protocols we don't know about. There are many, hopefully obvious reasons that just because we don't know about it, doesn't mean it's dangerous. One more obvious is, that it may not exist yet. To me, the correct pattern is here is to deny things you know to be harmful and can justify it reasonably and test that justification over time for its validity. One particular example springs to mind, ICMP Timestamp, this allows you to measure unidirectional latency to millisecond precision, unless we specifically break it. It's been useful troubleshooting tool to me in the past, saving time and money. -- ++ytti
Current thread:
- Re: WIndows Updates Fail Via IPv6 - Update!, (continued)
- Re: WIndows Updates Fail Via IPv6 - Update! Mark Tinka (Mar 03)
- Re: WIndows Updates Fail Via IPv6 - Update! Stephen Satchell (Mar 03)
- Re: WIndows Updates Fail Via IPv6 - Update! Mark Andrews (Mar 03)
- Re: WIndows Updates Fail Via IPv6 - Update! Fernando Gont (Mar 05)
- Re: WIndows Updates Fail Via IPv6 - Update! Harald Koch (Mar 03)
- Re: WIndows Updates Fail Via IPv6 - Update! Mark Tinka (Mar 03)
- Re: WIndows Updates Fail Via IPv6 - Update! Radu-Adrian Feurdean (Mar 03)
- Re: WIndows Updates Fail Via IPv6 - Update! Mark Tinka (Mar 04)
- Re: WIndows Updates Fail Via IPv6 - Update! Saku Ytti (Mar 04)
- Re: WIndows Updates Fail Via IPv6 - Update! Rich Kulawiec (Mar 05)
- Re: WIndows Updates Fail Via IPv6 - Update! Saku Ytti (Mar 05)
- RE: WIndows Updates Fail Via IPv6 - Update! adamv0025 (Mar 05)
- Re: WIndows Updates Fail Via IPv6 - Update! Saku Ytti (Mar 05)
- RE: WIndows Updates Fail Via IPv6 - Update! adamv0025 (Mar 07)
- Re: WIndows Updates Fail Via IPv6 - Update! Saku Ytti (Mar 07)
- RE: WIndows Updates Fail Via IPv6 - Update! adamv0025 (Mar 07)
- Re: WIndows Updates Fail Via IPv6 - Update! Saku Ytti (Mar 07)
- Re: WIndows Updates Fail Via IPv6 - Update! Stephen Satchell (Mar 07)
- Re: WIndows Updates Fail Via IPv6 - Update! Saku Ytti (Mar 07)
- Re: WIndows Updates Fail Via IPv6 - Update! Martin Hannigan (Mar 05)
- Re: WIndows Updates Fail Via IPv6 - Update! Fernando Gont (Mar 05)