nanog mailing list archives
RE: WIndows Updates Fail Via IPv6 - Update!
From: <adamv0025 () netconsultings com>
Date: Thu, 7 Mar 2019 15:19:13 -0000
> From: Saku Ytti <saku () ytti fi>
> Sent: Tuesday, March 5, 2019 3:00 PM
>
> On Tue, Mar 5, 2019 at 4:54 PM <adamv0025 () netconsultings com> wrote:
>
>> Let me play a devil's advocate here, the above statement begs a question
>> then, how do you know all that is harmful would you test for every
>> possible extension and hw/sw permutation?
>> So there would be 3 sets (though lines might be blurred) known safe,
>> known harmful and the biggest of them unknown unknowns.
>> Now as an operator of a commercial network (i.e. your customers like it
>> mostly up) wouldn't you do a calculated risk evaluation and opt for the
>> known safe - which you know 99% of your customers use and block the rest
>> while pissing off the remaining 1%?
>> I know it sounds awful (like a calculations for vehicle safety recalls),
>> but ...
>
> Fear is excellent marketing tool, as we can see in politics, works every
> time. But I rather fix realised problems, rather than make unprovable
> assumptions of actions yielding to net benefit.
>
> The assumption here is, if we just allow ICMP types A, B and C we are
> gaining in security, can we substantiate that claim at all? We can
> substantiate easily that the proposed ICMP filter breaks real useful ICMP
> tooling.

From past experience my assumptions would be more along the lines of if it's not mainstream there's a higher likelihood that it might trigger exceptions in code.

adam