Pekka For autotunnel, see RFC 2893, Section 5.6. Here is an excerpt:
> Since automatic tunnels always > encapsulate to the destination (i.e. the IPv4 destination will be > the destination) any packet received over an automatic tunnel SHOULD > NOT be forwarded. Also, addr-arch-v3 states: > Routers must not forward any packets with link-local source or > destination addresses to other links. and > Routers must not forward any multicast packets beyond of the scope > indicated by the scop field in the destination multicast address. -vlad Pekka Savola wrote: > > On Wed, 19 Dec 2001, Vladislav Yasevich wrote: > > I don't think link-local attack can be carried out through automatic tunnels > > (not to mention that they will fail the address checks). > > > > After decapsulation, the packet is submitted for further input processing > > to look at the innner header. At this point, the source or destination > > (or both) are link local and the packet must to be forwarded off the link > > (the link in this case is the tunnel). So in effect you are attacking > > the decapsulator (a router in most cases). > > Are you sure about this? > > I don't think so. > > Automatic tunneling is equivalent to configured tunneling. Link-local > addresses can be used in manual tunnels. AFAICS, automatic tunneling is > not really any different, except that source IPv4 address can be anything > at all. > > -- > Pekka Savola "Tell me of difficulties surmounted, > Netcore Oy not those you stumble over and fall" > Systems. Networks. Security. -- Robert Jordan: A Crown of Swords > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -- ++++++++++++++++++++++++++++++++++++++++++++++++++++ Vladislav Yasevich Tel: (603) 884-1079 Compaq Computer Corp. Fax: (435) 514-6884 110 Spit Brook Rd ZK03-3/T07 Nashua, NH 03062 -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
