nanog mailing list archives
Re: Class E addresses? 240/4 history
From: John Gilmore <gnu () toad com>
Date: Mon, 22 Nov 2021 01:25:15 -0800
Eliot Lear <lear () ofcourseimright com> wrote:
In 2008, Vince Fuller, Dave Meyer, and I put together draft-fuller-240space, and we presented it to the IETF. There were definitely people who thought we should just try to get to v6, but what really stopped us was a point that Dave Thaler made: unintended impact on non-participating devices, and in particular CPE/consumer firewall gear, and at the time there were serious concerns about some endpoint systems as well.
I was not in this part of IETF in those days, so I did not participate in those discussions. But I later read them on the archived mailing list, and reached out by email to Dave Thaler for more details about his concerns. He responded with the same general issues (and a request that we and everyone else spend more time on IPv6). I asked in a subsequent message for any details he has about such products that he thought would fail.

He was unable or unwilling to point out even a single operating system, Internet node type, or firewall product that would fail unsafely if it saw packets from the 240/4 range. As documented in our Internet-Draft, all such products known to us either accept those packets as unicast traffic, or reject such packets and do not let them through. None crashes, reboots, fills logfiles with endless messages, falls on the floor, or otherwise fails. No known firewall is letting 240/4 packets through on the theory that it's perfectly safe because every end-system will discard them.

As far as I can tell, what Eliot says really stopped this proposal in 2008 was Dave's hand-wave of *potential* concern, not an actual documented problem with the proposal. If anyone knows an *actual* documented problem with 240/4 packets, please tell us!

(And as I pointed out subsequently to Dave, if any nodes currently in service would *actually* crash if they received a 240/4 packet, that's a critical denial of service issue. For reasons completely independent from our proposal, those machines should be rapidly identified and patched, rather than remaining vulnerable from 2008 thru 2021 and beyond. It would be trivial for an attacker to send such packets-of-death from any Linux, Solaris, Android, MacOS, or iOS machine that they've broken into on the local LAN. And even Windows machines may have ways to send raw Ethernet packets that could be crafted by an attacker to appear to be deadly IPv4 240/4 packets.)

John