Router / Protocol Problem
Travis Hassloch
travis.hassloch at rackspace.com
Thu Sep 7 21:32:06 UTC 2006
>> Seems dubious. So I'm not sure what sets the codepoint to 000001
>> by default, but apparently CodeRed does? Nevertheless, this seems like
>> a very weak basis for determining whether something is malicious.
There is an elegant solution; administrators should set the evil bit
on any malicious packets seeking egress;
http://www.faqs.org/rfcs/rfc3514.html
Quoting:

   0x0  If the bit is set to 0, the packet has no evil intent. Hosts,
        network elements, etc., SHOULD assume that the packet is
        harmless, and SHOULD NOT take any defensive measures. (We note
        that this part of the spec is already implemented by many common
        desktop operating systems.)

   0x1  If the bit is set to 1, the packet has evil intent. Secure
        systems SHOULD try to defend themselves against such packets.
        Insecure systems MAY chose to crash, be penetrated, etc.

And now for something completely different...
--
The whole point of the Internet is that different kinds of computers
can interoperate. Every time you see a web site that only supports
certain browsers or operating systems, they clearly don't get it.