Router / Protocol Problem

Travis Hassloch travis.hassloch at
Thu Sep 7 21:32:06 UTC 2006

Hash: SHA1

>> Seems dubious.  So I'm not not sure what sets the codepoint to 000001
>> by default, but apparently CodeRed does?  Nevertheless, this seems like
>> a very weak basis for determining whether something is malicious.

There is an elegant solution; administrators should set the evil bit
on any malicious packets seeking egress;


   0x0  If the bit is set to 0, the packet has no evil intent.  Hosts,
        network elements, etc., SHOULD assume that the packet is
        harmless, and SHOULD NOT take any defensive measures.  (We note
        that this part of the spec is already implemented by many common
        desktop operating systems.)

   0x1  If the bit is set to 1, the packet has evil intent.  Secure
        systems SHOULD try to defend themselves against such packets.
        Insecure systems MAY chose to crash, be penetrated, etc.

And now for something completely different...
- --
The whole point of the Internet is that different kinds of computers
can interoperate.  Every time you see a web site that only supports
certain browsers or operating systems, they clearly don't get it.
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the NANOG mailing list