On 05/25/2013 12:29 AM, Dave Thaler wrote: > [...] >> The fact that you use a firewall is mostly irrelevant. I'd bet your firewall >> still >> reponds to some packets (e.g., packets with unsupported options?). > [..] > > No, the Windows firewall doesn't allow any ICMP responses to unsolicited > traffic, > they're all dropped. This is what is sometimes called "stealth mode". > >> And, if >> that were not the case, I could rely on the >> ICMPv6 "address resolution failed" error messages sent by your local router >> (i.e., if I receive one of such messages, you're not there. If I don't, you >> are). > > Ok, yes that one is interesting.
An attacker just needs one vector to be successful. And at the point such vector is not under your control (as in this case), all bets are off. Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
