Robin, >Hosts should be very fussy about accepting ICMPv6 Error Messages, to >protect against an off-path attacker guessing the values of packets >recently sent and thereby successfully launching a DoS by sending >spoofed ICMPv6 Error Message packets to the sending host.
Said another way, an approach in which hosts within a site rely on PMTU messaging from anonymous routers outside of the site is fragile at best and susceptible to spoofing attacks. (The same is not true when hosts only need to rely on PMTU messaging from trusted routers within the site.) Fred [EMAIL PROTECTED] -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
