On Thu, 31 Oct 2002, Hesham Soliman (EAB) wrote: > => Pekka, if all the ISP's between the client in your > picture and the detination are stupid enough > to not ingress filter the SL source,
Why should they care about it _at all_? The only one who _should_ be doing it (but for different purposes) is the attacker's ISP, when performing ingress filtering. But seeing the lack of ingress filtering today with IPv4 doesn't really make me believe the situation would be much better with IPv6. > AND the end site is > equally as incompetent, then yes, your client will > get there. [...] The destination site is naturally at fault here -- they should have done it, but perhaps they didn't think it was necessary (after all, all site-local traffic is /dev/null'ed at their border router), or forgot to do it. Happens all the time. > I'm sorry but I don't see this as a realistic or serious > issue. Difference in what people expect to get done with site-locals is a serious issue. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
