> [attacker] --- [internet] ---- [ISP] --- [customer w/ site locals]
>
> Now the attacker can send packets with a fec0::/10 source
> address to the customer -- no one will block them unless
> they're explicitly configured as site borders -- before the
> customer itself. And if the customer does not block them,
> we're in for very serious trouble.
>
> That seemed to be what everyone except me read the ADDRARCH
> paragraph to imply. I thought attacker's first-hop router (or
> at the latest, attacker's edge router) should block these
> packets automatically.

No. At least I read ADDRARCH as meaning that the routers between the
attacker and the customer would all be configured (one way or another -
either manually or because it's their default configuration) as site
boundaries, meaning they would filter the site-local packets.

Rich

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
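
The two readings of ADDRARCH discussed in this exchange, modelled as an added example that is not part of the original thread: each router on the quoted path is either explicitly configured or left at its default, and the function reports where a packet with a fec0::/10 source is first filtered. The router names, the `PATH` list and the simplification that every hop sits between two sites are assumptions made for illustration.

```python
import ipaddress

SITE_LOCAL = ipaddress.ip_network("fec0::/10")

# Constructed path following the diagram in the quoted message.
# Second field: True/False if the operator configured the router as a
# site border (or not), None if it was left at its default.
PATH = [
    ("attacker-first-hop", None),
    ("internet-core", None),
    ("isp-edge", None),
    ("customer-border", None),
]


def first_drop(path, src, default_is_border):
    """Return the name of the first router that filters the packet,
    or None if it is delivered to the customer.

    default_is_border=False models the reading where only explicitly
    configured routers act as site borders; True models the reading
    where being a site boundary is the default configuration.
    """
    addr = ipaddress.ip_address(src)
    if addr not in SITE_LOCAL:
        return None  # not site-local scope, site-border filtering does not apply
    for name, explicit in path:
        is_border = default_is_border if explicit is None else explicit
        if is_border:
            return name
    return None


def with_explicit(path, router, value):
    """Copy of path with one router's border setting set explicitly."""
    return [(n, value if n == router else e) for n, e in path]


if __name__ == "__main__":
    src = "fec0::1"  # constructed site-local source address
    print("explicit-only reading:", first_drop(PATH, src, False))
    print("default-border reading:", first_drop(PATH, src, True))
    fixed = with_explicit(PATH, "customer-border", True)
    print("customer filters explicitly:", first_drop(fixed, src, False))
```

Under the explicit-only reading the packet reaches the customer unless the customer's own border is configured to filter it, which is the exposure the quoted message describes.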
