Something with filters

Enno Rey erey at ernw.de
Thu Aug 28 16:31:22 CEST 2014 

Eric, guys,

On Thu, Aug 28, 2014 at 02:28:53PM +0000, Eric Vyncke (evyncke) wrote:
> The mapped IPv4 address is probably coming out of a 6PE (or 6VPE) MPLS router where the HopLimit field is copied into the MPLS header and when the poor P router in charge of sending the ICMPv6 has no IPv6 address at all? This is per RFC and perhaps an explanation why uRPF is not activated?
> 
> No explanation about the :: address though?
> 
> As a security person, I would love to have uRPF enabled where possible but I am afraid that even in IPv4 it is not deployed everywhere :-(

to be honest, as another security person, I'm not really sure about the benefit of uRPF in the IPv6 world, in some scenarios.
imagine a single infected smartphone on LTE, generating connections with potentially 2^64 different source addresses from its assigned /64. How would you counter that with uRPF?
not to speak about a home device sitting behind a CPE (and mimicing connections from different /64s being part of the /56 the CPE "got")...
thoughts?

best

Enno





> 
> -?ric
> 
> PS: indeed, ask your vendors for features, customers have much more power than you guess :-)
> 
> From: Lorenzo Colitti <lorenzo at google.com<mailto:lorenzo at google.com>>
> Date: jeudi 28 ao?t 2014 07:46
> To: Jeroen Massar <jeroen at massar.ch<mailto:jeroen at massar.ch>>
> Cc: IPv6 Ops list <ipv6-ops at lists.cluenet.de<mailto:ipv6-ops at lists.cluenet.de>>
> Subject: Re: Something with filters
> 
> On Wed, Aug 27, 2014 at 9:01 AM, Jeroen Massar <jeroen at massar.ch<mailto:jeroen at massar.ch>> wrote:
>  9  2001:5a0:a00::2e (2001:5a0:a00::2e)  79.018 ms  79.910 ms  79.960 ms
> 10  :: (::)  101.893 ms  102.004 ms  103.574 ms
> 11  rar3.chicago-il.us.xo.net<http://rar3.chicago-il.us.xo.net> (::ffff:65.106.1.155)  104.732 ms
> 
> Yeah baby, we can use the unspecified address in ICMP replies!
> 
> The mapped IPv4 address in there is pretty cool, too...

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================

More information about the ipv6-ops mailing list