On 08/19/2014 01:17 PM, Jeroen Massar wrote: > > While that specific fragmented attack won't work, one can still spoof > return ICMPs and give wrong answers. > > Anyone remember Rotorouter[1] ? :) > > Hence, why it is a good idea to do the same checks for IPv4 too and why > I avoid mentioning what kind of attack it was solving. It is just good > hygiene to check validity of things.
FWIW, I had posted this thingy a while ago: <http://www.gont.com.ar/papers/filtering-of-icmp-error-messages.pdf> -- essentially BCP38 on the ICMPv4 payload.. Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
