IPv6 Type 0 Routing Header issues
Hank Nussbacher
hank at efes.iucc.ac.il
Tue Apr 24 18:54:53 CEST 2007
On Tue, 24 Apr 2007, Gert Doering wrote:
How does one turn off IPv6 RH in IOS not via eACL?
In http://www.6net.org/events/workshop-2003/marin.pdf from 2003 slide 11
says it can't be turned off. Yet in slide 20 of Biondi/Ebalard it says it
can be deactivated in IOS.
So can someone point out the IOS command to deactivate it?
Thanks,
Hank
> Hi,
>
> On Tue, Apr 24, 2007 at 12:53:42AM +0100, Jeroen Massar wrote:
>> Just in case folks are missing out on this, find below a rather nasty
>> security issue.
>
> Indeed, good reminder to
>
> - deploy uRPF wherever possible
> (Cisco speak: "ipv6 verify unicast reverse-path")
>
> - keep your systems up-to-date (the Cisco advisory is from January)
>
> and the BSDs need to do a bit of homework (should never forward packets if
> ip6.forwarding is 0, and it's surprising that pf(4) can't filter on RH0s).
>
> Gert Doering
> -- NetMaster
> --
> Total number of prefixes smaller than registry allocations: 113403
>
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
>
More information about the ipv6-ops
mailing list