Re: IPv6 packets with HBH

2014-08-07 Thread Fernando Gont
Hi, Yannis, On 07/04/2014 12:05 PM, Yannis Nikolopoulos wrote: how do people handle packets with HBH present? Since their use is a potential attack vector, do people rate-limit them? I can't seem to find some sort of best practice on the issue This is the current state of affairs on the

AAAA records (was: Re: IPv6 packets with HBH)

2014-08-07 Thread Jens Link
Fernando Gont ferna...@gont.com.ar writes: Hi, This is the current state of affairs on the public IPv6 Internet: http://www.iepg.org/2014-07-20-ietf90/iepg-ietf90-ipv6-ehs-in-the-real-world-v2.0.pdf After reading slide 7 I decided to take a closer look at those funny IPv6 addresses. I used

Re: IPv6 packets with HBH

2014-08-07 Thread Ole Troan
Fernando, how do people handle packets with HBH present? Since their use is a potential attack vector, do people rate-limit them? I can't seem to find some sort of best practice on the issue This is the current state of affairs on the public IPv6 Internet:

Re: IPv6 packets with HBH

2014-07-18 Thread Yannis Nikolopoulos
Eric, thanks for your comments On 07/09/2014 12:47 PM, Eric Vyncke (evyncke) wrote: Yannis While I cannot speak for all vendors or even for all of my employer's products, you will indeed find that control-plane policing (= rate-limiting) is either on by default or can be configured on most

Re: IPv6 packets with HBH

2014-07-18 Thread Brian E Carpenter
You-all might want to hop over to IETF-land to comment on http://tools.ietf.org/html/draft-gont-opsec-ipv6-eh-filtering Regards Brian On 19/07/2014 07:45, Yannis Nikolopoulos wrote: Eric, thanks for your comments On 07/09/2014 12:47 PM, Eric Vyncke (evyncke) wrote: Yannis While I

Re: IPv6 packets with HBH

2014-07-09 Thread Eric Vyncke (evyncke)
Yannis While I cannot speak for all vendors or even for all of my employer's products, you will indeed find that control-plane policing (= rate-limiting) is either on by default or can be configured on most routers. Alternatively, you may want to use plain ACL to drop all those

Re: IPv6 packets with HBH

2014-07-05 Thread Brian E Carpenter
On 06/07/2014 01:27, Yannis Nikolopoulos wrote: On 07/04/2014 11:43 PM, Brian E Carpenter wrote: On 05/07/2014 04:05, Yannis Nikolopoulos wrote: hello, how do people handle packets with HBH present? Since their use is a potential attack vector, do people rate-limit them? I can't seem to find

Re: IPv6 packets with HBH

2014-07-04 Thread Brian E Carpenter
On 05/07/2014 04:05, Yannis Nikolopoulos wrote: hello, how do people handle packets with HBH present? Since their use is a potential attack vector, do people rate-limit them? I can't seem to find some sort of best practice on the issue I have the impression that they are simply ignored in