IPv6 Type 0 Routing Header issues
Gert Doering
gert at space.net
Mon Apr 30 17:48:59 CEST 2007
Hi,
On Mon, Apr 30, 2007 at 05:46:12PM +0200, Sebastian Wiesinger wrote:
> > - all the nice and shiny IPv6 filtering stuff isn't available in
> > 12.2S-based releases yet. Thanksverymuch.
>
> Oh. That's a bummer. Well I'm out of ideas. Perhaps using a bridge to
> filter it on L2 if possible.
Haaaahaha :-)
What you *can* do is drop all routing headers, but then you break
Mobile IPv6. Which nobody is using.
OTOH, using control plane policing, policing packets with RH headers
targetting your routers down to "100 pps" *should* definitely reduce the
usefulness of RH0 attacks using these routers as "bounce point" - if it
is properly supported, which I'm not 100% sure right now.
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 113403
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list