WIndows Updates Fail Via IPv6 - Update!

• Previous message (by thread): WIndows Updates Fail Via IPv6 - Update!
• Next message (by thread): WIndows Updates Fail Via IPv6 - Update!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: NANOG <nanog-bounces at nanog.org> On Behalf Of Saku Ytti
> 
> Hey Rich,
> 
> > I've pointed folks at this for years:
> >         ICMP Packet Filtering v1.2
> >         http://www.cymru.com/Documents/icmp-messages.html
> 
> 
> To me, the correct pattern is here is to deny things you know to be harmful
> and can justify it reasonably and test that justification over time for its
> validity.
> 
Let me play a devil's advocate here, the above statement begs a question then, how do you know all that is harmful would you test for every possible extension and hw/sw permutation?
So there would be 3 sets (though lines might be blurred) known safe, known harmful and the biggest of them unknown unknowns. 
Now as an operator of a commercial network (i.e. your customers like it mostly up) wouldn't you do a calculated risk evaluation and opt for the known safe -which you know 99% of your customers use and block the rest while pissing off the remaining 1%? 
I know it sounds awful (like a calculations for vehicle safety recalls), but ...
 

adam 

• Previous message (by thread): WIndows Updates Fail Via IPv6 - Update!
• Next message (by thread): WIndows Updates Fail Via IPv6 - Update!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]