Once upon a time, Harry Reynolds <[email protected]> said:
> Update. The better pr is 556860, which shows closed as not fixed. PR 573100
> is considered a new feature and cannot be made visible externally. <Oops>.
See RFC 4291:
2.5.6. Link-Local IPv6 Unicast Addresses
...
Routers must not forward any packets with Link-Local source or
destination addresses to other links.
JUNOS forwarding such packets is a major bug and IPv6 RFC violation.
That leaves a wide-open hole for difficult-to-trace DDoS attacks from
hosts connected to Juniper routers.
I'm seeing this on my M10i routers, if it makes any difference.
--
Chris Adams <[email protected]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
