Filtering ULA?

Pekka Savola pekkas at netcore.fi
Mon Sep 22 22:38:13 CEST 2008


On Mon, 22 Sep 2008, Iljitsch van Beijnum wrote:
>> If it isn't routed, it's bogus and should be dropped. If you expose 
>> unroutable address space to outside, don't make it others' fault if it 
>> causes breakage.
>
> Well, then what are people who use ULA addressing for some of their routers 
> internally supposed to do? There is no RFC that says this is not allowed and 
> also no RFC that borrows a non-ULA address from another interface (like with 
> link local) so either write those RFCs, don't use PMTUD or expect problems at 
> your end.

First of all, you should really figure out if ULA is such a great idea 
in the first place.

But if you use it (e.g. in SOHO or similar "sometimes disconnected" 
case) -- don't decrease MTU in your internal network, so you'll never 
have to send ICMP Packet Too Big messages to the outside.  No problem then.

David, yes, the source address in ICMP PMTUD messages is irrelevant. 
The attack you mention is possible.  It's discussed in detail in 
http://tools.ietf.org/html/draft-ietf-tcpm-icmp-attacks-03 Section 7.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
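The point above is that the outer source address of an ICMPv6 Packet Too Big tells a receiver nothing useful: a legitimate PTB may well arrive from a ULA-numbered router, and a forged one can carry any source. The mitigation discussed in the cited draft is to validate the *embedded* original packet against connection state instead, and to clamp the advertised MTU at the IPv6 minimum. The following is an added, self-contained example written for this page (not code from the thread or from any IETF document); the `Flow`/`PtbResult` types, `build_ptb` and `validate_ptb` are illustrative names, and the addresses and ports are constructed sample values.

```python
"""Validate an ICMPv6 Packet Too Big (PTB) by its embedded packet, not its source.

Added example for this thread. Only the ICMPv6 body is inspected; the outer
source address is recorded for logging but never used in the accept/reject
decision, because (as the thread notes) it carries no trust information.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

IPV6_MIN_MTU = 1280            # RFC 4443: a PTB below this is treated as 1280
ICMPV6_PACKET_TOO_BIG = 2      # ICMPv6 type for Packet Too Big
NEXT_HEADER_TCP = 6
ULA_PREFIX = ipaddress.IPv6Network("fc00::/7")   # RFC 4193 unique local addresses


@dataclass(frozen=True)
class Flow:
    """A TCP connection as seen by the validating host (hypothetical type)."""
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    sport: int
    dport: int


@dataclass(frozen=True)
class PtbResult:
    flow: Flow
    mtu: int                # MTU to apply to the flow, already clamped
    source_is_ula: bool     # informational only; does not affect acceptance


def make_flow(src: str, dst: str, sport: int, dport: int) -> Flow:
    """Normalise textual addresses so lookups match the parsed binary form."""
    return Flow(ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst), sport, dport)


def build_ptb(src: str, dst: str, sport: int, dport: int, mtu: int) -> bytes:
    """Construct a sample ICMPv6 PTB body: 8-byte ICMPv6 header followed by the
    offending packet's IPv6 header (40 bytes) and the start of its TCP header.
    Checksum is left as zero because this example never puts it on the wire."""
    icmp = struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, mtu)
    ver_tc_fl = 6 << 28                       # version 6, zero traffic class/flow label
    ip6 = struct.pack(
        "!IHBB16s16s", ver_tc_fl, 20, NEXT_HEADER_TCP, 64,
        ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed,
    )
    tcp = struct.pack("!HHII", sport, dport, 0x11223344, 0)   # ports, seq, ack
    return icmp + ip6 + tcp


def validate_ptb(outer_src: str, msg: bytes, active_flows: set) -> Optional[PtbResult]:
    """Return the MTU update for a matching flow, or None if the PTB is discarded.

    Acceptance depends only on the embedded packet matching a live connection;
    `outer_src` is reported back but intentionally not consulted.
    """
    # Need ICMPv6 header + full IPv6 header + at least the TCP port fields.
    if len(msg) < 8 + 40 + 4:
        return None
    icmp_type, _code, _csum, mtu = struct.unpack("!BBHI", msg[:8])
    if icmp_type != ICMPV6_PACKET_TOO_BIG:
        return None

    inner = msg[8:]
    ver_tc_fl, _plen, next_hdr, _hlim, src, dst = struct.unpack("!IHBB16s16s", inner[:40])
    if (ver_tc_fl >> 28) != 6 or next_hdr != NEXT_HEADER_TCP:
        return None   # only TCP flows are tracked in this example
    sport, dport = struct.unpack("!HH", inner[40:44])

    flow = Flow(ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst), sport, dport)
    if flow not in active_flows:
        return None   # no such connection: a blind or stale PTB, ignore it

    # Never let a PTB push the path MTU below the IPv6 minimum link MTU.
    effective_mtu = max(mtu, IPV6_MIN_MTU)
    return PtbResult(flow, effective_mtu, ipaddress.IPv6Address(outer_src) in ULA_PREFIX)


if __name__ == "__main__":
    flows = {make_flow("2001:db8::1", "2001:db8:ffff::2", 40000, 443)}
    # Legitimate PTB from a ULA-numbered internal router: accepted on flow match.
    print(validate_ptb("fd00::1", build_ptb("2001:db8::1", "2001:db8:ffff::2", 40000, 443, 1400), flows))
    # Same source, but the embedded packet matches no connection: discarded.
    print(validate_ptb("fd00::1", build_ptb("2001:db8::1", "2001:db8:ffff::2", 40001, 443, 1400), flows))
```

Run as a script it prints one accepted result (MTU 1400, `source_is_ula=True`) and one `None`. Dropping every PTB whose outer source is in `fc00::/7` would have discarded the first message and done nothing about the second, which is exactly the trade-off the thread is describing.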

