BCP for securing IPv6 Linux end node in AWS

Saku Ytti saku at ytti.fi
Sun May 14 14:30:12 UTC 2017


On 14 May 2017 at 16:49, Eric Germann <ekgermann at semperen.com> wrote:

Hey,

> For example, on the IPv4 side, there arguably is no value to timestamp requests and address mask requests externally, so dump them.

It's very dangerous proposal when we start considering everything 0
value which isn't value to ourselves currently. Is ICMP TS known
attack vector? It has one particularly useful diagnostic purpose, you
can use it to measure unidirectional latencies up-to 1ms accuracy. It
has on occasions reduced needed troubleshooting time and reduced
amount of people who need to look into the problem.

-- 
  ++ytti


More information about the NANOG mailing list