On Wed, 19 Dec 2001, Vladislav Yasevich wrote: > I don't think link-local attack can be carried out through automatic tunnels > (not to mention that they will fail the address checks). > > After decapsulation, the packet is submitted for further input processing > to look at the innner header. At this point, the source or destination > (or both) are link local and the packet must to be forwarded off the link > (the link in this case is the tunnel). So in effect you are attacking > the decapsulator (a router in most cases).
Are you sure about this? I don't think so. Automatic tunneling is equivalent to configured tunneling. Link-local addresses can be used in manual tunnels. AFAICS, automatic tunneling is not really any different, except that source IPv4 address can be anything at all. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
