Vyatta as a BRAS
Dobbins, Roland
rdobbins at arbor.net
Wed Jul 14 13:43:34 UTC 2010
On Jul 14, 2010, at 8:38 PM, Florian Weimer wrote:
> There's also the question of IP options (or extension headers). 8-)
I know that some modern hardware-based routers have the ability to either ignore options, or to drop option packets altogether.
I believe the same is now true of IPv6 extension-headere, or soon will be. You're absolutely correct that this is a significant possible attack vector, causing the packets in question to be punted, if there isn't a mechanism available to ignore them or to drop said packets.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the NANOG
mailing list