WIndows Updates Fail Via IPv6 - Update!
adamv0025 at netconsultings.com
adamv0025 at netconsultings.com
Tue Mar 5 14:54:34 UTC 2019
> From: NANOG <nanog-bounces at nanog.org> On Behalf Of Saku Ytti
>
> Hey Rich,
>
> > I've pointed folks at this for years:
> > ICMP Packet Filtering v1.2
> > http://www.cymru.com/Documents/icmp-messages.html
>
>
> To me, the correct pattern is here is to deny things you know to be harmful
> and can justify it reasonably and test that justification over time for its
> validity.
>
Let me play a devil's advocate here, the above statement begs a question then, how do you know all that is harmful would you test for every possible extension and hw/sw permutation?
So there would be 3 sets (though lines might be blurred) known safe, known harmful and the biggest of them unknown unknowns.
Now as an operator of a commercial network (i.e. your customers like it mostly up) wouldn't you do a calculated risk evaluation and opt for the known safe -which you know 99% of your customers use and block the rest while pissing off the remaining 1%?
I know it sounds awful (like a calculations for vehicle safety recalls), but ...
adam
More information about the NANOG
mailing list