Eric, guys, On Thu, Aug 28, 2014 at 02:28:53PM +0000, Eric Vyncke (evyncke) wrote: > The mapped IPv4 address is probably coming out of a 6PE (or 6VPE) MPLS router > where the HopLimit field is copied into the MPLS header and when the poor P > router in charge of sending the ICMPv6 has no IPv6 address at all? This is > per RFC and perhaps an explanation why uRPF is not activated? > > No explanation about the :: address though? > > As a security person, I would love to have uRPF enabled where possible but I > am afraid that even in IPv4 it is not deployed everywhere :-(
to be honest, as another security person, I'm not really sure about the benefit of uRPF in the IPv6 world, in some scenarios. imagine a single infected smartphone on LTE, generating connections with potentially 2^64 different source addresses from its assigned /64. How would you counter that with uRPF? not to speak about a home device sitting behind a CPE (and mimicing connections from different /64s being part of the /56 the CPE "got")... thoughts? best Enno > > -?ric > > PS: indeed, ask your vendors for features, customers have much more power > than you guess :-) > > From: Lorenzo Colitti <[email protected]<mailto:[email protected]>> > Date: jeudi 28 ao?t 2014 07:46 > To: Jeroen Massar <[email protected]<mailto:[email protected]>> > Cc: IPv6 Ops list > <[email protected]<mailto:[email protected]>> > Subject: Re: Something with filters > > On Wed, Aug 27, 2014 at 9:01 AM, Jeroen Massar > <[email protected]<mailto:[email protected]>> wrote: > 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms > 10 :: (::) 101.893 ms 102.004 ms 103.574 ms > 11 rar3.chicago-il.us.xo.net<http://rar3.chicago-il.us.xo.net> > (::ffff:65.106.1.155) 104.732 ms > > Yeah baby, we can use the unspecified address in ICMP replies! > > The mapped IPv4 address in there is pretty cool, too... -- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey ======================================================= Blog: www.insinuator.net || Conference: www.troopers.de Twitter: @Enno_Insinuator =======================================================
