[127785] in North American Network Operators' Group


Re: Vyatta as a BRAS

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Jul 14 09:43:47 2010

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Wed, 14 Jul 2010 13:43:34 +0000
In-Reply-To: <82lj9enpyc.fsf@mid.bfk.de>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jul 14, 2010, at 8:38 PM, Florian Weimer wrote:

> There's also the question of IP options (or extension headers). 8-)

I know that some modern hardware-based routers have the ability to either ignore options, or to drop option packets altogether.

I believe the same is now true of IPv6 extension-headers, or soon will be. You're absolutely correct that this is a significant possible attack vector, causing the packets in question to be punted, if there isn't a mechanism available to ignore them or to drop said packets.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken




