Re: Different view on RH0: it is good to take out unmaintained networks

To: IETF IPv6 Mailing List <ipv6 at ietf.org>, IPv6 Ops list <ipv6-ops at lists.cluenet.de>, Jeroen Massar <jeroen at unfix.org>
Subject: Re: Different view on RH0: it is good to take out unmaintained networks
From: Tim Enos <timbeck04 at verizon.net>
Date: Mon, 14 May 2007 09:37:34 -0500 (CDT)
Cc:
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>

Hi Jeroen/all,

>Hi,
>
>A little mail for a nice Monday morning discussion/flamebait:
>
>I became to realize that RH0 filtering is at all not really necessary.
>
>
>Networks who have uRPF enabled, they check the source of the packet and
>as such the packet pingpong doesn't work, yes the packet arrives, but
>when the packet has to be sent out onto the network again, it gets
>caught by the uRPF filter.
>
>Networks who do not have uRPF enabled and thus are not properly checking
>where a packet is actually being sourced from are open to the RH0 attack.
>
>As such, any network which does not have uRPF enabled is vulnerable to
>some nice RH0 packet ping ponging.
>
>Now, what we should hope is that people actually do NOT filter out RH0
>and then send out a lot of packets with RH0 headers ping ponging
>throughout the Internet. This will take care that the networks who are
>not properly applying uRPF will in effect nicely melt down.
>
>Maybe that brings to their attention that doing uRPF is actually a good
>thing as is being specified in BCP38 (BCP stands for Best Common
>Practices, but clearly a lot of networks don't take it in common).

Sort of a re-hash of my 11May07 posting:

The authors of BCP 38 clearly decided against also doing strict RPF because of the number of asymmetric routes in the Internet. If any kind of RPF is to be done in conjunction with ingress filtering (on the edge), it would not be the strick well on peering and transit interfaces.

>
>Greets,
> Jeroen

Best Regards,

Tim Enos
Rom 8:28

>
>
>
>
>--------------------------------------------------------------------
>IETF IPv6 working group mailing list
>ipv6 at ietf.org
>Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
>--------------------------------------------------------------------


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Prev by Date: Re: Different view on RH0: it is good to take out unmaintained networks
Next by Date: Re: Different view on RH0: it is good to take out unmaintained networks
Previous by thread: Re: Different view on RH0: it is good to take out unmaintained networks
Next by thread: Re: Different view on RH0: it is good to take out unmaintained networks
Index(es):
- Date
- Thread

Re: Different view on RH0: it is good to take out unmaintained networks

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.