nanog mailing list archives

Re: Should routers send redirects by default?


From: Valdis.Kletnieks () vt edu
Date: Fri, 20 Aug 2010 19:31:38 -0400

On Fri, 20 Aug 2010 18:16:35 EDT, Brandon Ross said:

How does turning off ICMP redirects on the router prevent a rogue PC from 
sending ICMP redirects to its neighbors?

If I know for a fact that the network is designed such that I will never ever
receive a valid ICMP redirect because there is exactly one route off the
network, I can safely turn off "accept ICMP redirects" and be done with it.

If I have to allow ICMP in, it becomes a much more interesting iptables/whatever
issue.

On Fri, 20 Aug 2010 15:34:17 PDT, Owen DeLong said:

This is worse than said PC issuing rogue RAs exactly how?

It's the exact same problem, actually.

Perhaps we should pressure switch vendors to add ICMP Redirect
protection to the RA Guard feature they haven't implemented yet?

You mean you aren't already? ;)
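
The host-side check described in the reply above, as an added example that is not part of the original post or thread: it assumes a Linux host, treats "exactly one distinct next hop in the IPv4 routing table" as a stand-in for "exactly one route off the network", and applies the kernel's documented rule for combining the `all` and per-interface `accept_redirects` values. The function names and the sample data are constructed for illustration.

```python
import re

# Constructed sample: `ip -4 route show` output on a host with one exit route.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
"""

# Constructed sample: values as read from /proc/sys/net/ipv4/conf/<name>/<key>.
SAMPLE_SYSCTL = {
    "all": {"accept_redirects": 0, "forwarding": 0},
    "eth0": {"accept_redirects": 1, "forwarding": 0},
}


def gateways(route_text):
    """Return the set of distinct next-hop addresses ("via X") in the table."""
    return set(re.findall(r"\bvia\s+(\S+)", route_text))


def effective_accept(sysctl, iface):
    """Linux IPv4 rule: forwarding off -> all OR iface; forwarding on -> all AND iface."""
    a = bool(sysctl["all"]["accept_redirects"])
    i = bool(sysctl[iface]["accept_redirects"])
    return (a and i) if sysctl[iface]["forwarding"] else (a or i)


def audit(route_text, sysctl):
    """List interfaces that still accept redirects although only one exit exists."""
    if len(gateways(route_text)) != 1:
        return []  # several routers (or none): the single-exit premise does not hold
    return sorted(
        iface for iface in sysctl
        if iface not in ("all", "default") and effective_accept(sysctl, iface)
    )


if __name__ == "__main__":
    for iface in audit(SAMPLE_ROUTES, SAMPLE_SYSCTL):
        print(f"{iface}: still accepts ICMP redirects; set both "
              f"net.ipv4.conf.all.accept_redirects=0 and "
              f"net.ipv4.conf.{iface}.accept_redirects=0")
```

On the sample data `eth0` is flagged even though `all` is already 0, because with forwarding disabled the kernel accepts redirects if either value is set.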
