IPv6 Type 0 Routing Header issues

Marco d'Itri md at Linux.IT
Mon Apr 23 22:51:11 CEST 2007


On Apr 23, Roger Jørgensen <roger at jorgensen.no> wrote:

> > Speaking of which, during the last couple of months some folks appear
> > to have been testing these.  Specifically, our egress source spoofing
> > filters block some routing header packets between
> > 2001:AD0:301:1002::/64 (DT-IPV6-EE-TLN-VS1) and 2001:730:5::/48
> > (NEXTGEN-LAB).  I wonder what those folks are trying to do, maybe test
> > ingress filters or map topology using 'roundabout' traceroute..
> 2001:730:5::/48 is the network I control, and the other one I have no idea
> about. Only thing in that netspace I'm somehow connected to is the
> eu.irc6.net server that are located in 2001:AD0::/32 netblock.

It's probably safe to assume that what the original poster is seeing is
the effect of a linux box with multiple tunnels configured on it but a
single default route and no policy (source-based) routing.
I see this often on my SixXS tunnel broker POP, and it's an easy way to
weed out the users who sign up just for IRC and will attract a DoS
sooner or later.

-- 
ciao,
Marco



More information about the ipv6-ops mailing list