Windows Updates Fail Via IPv6 - Update!

adamv0025 at netconsultings.com
Thu Mar 7 15:19:13 UTC 2019


> From: Saku Ytti <saku at ytti.fi>
> Sent: Tuesday, March 5, 2019 3:00 PM
> 
> On Tue, Mar 5, 2019 at 4:54 PM <adamv0025 at netconsultings.com> wrote:
> 
> > Let me play a devil's advocate here, the above statement begs a question
> > then, how do you know all that is harmful would you test for every possible
> > extension and hw/sw permutation?
> > So there would be 3 sets (though lines might be blurred) known safe,
> > known harmful and the biggest of them unknown unknowns.
> > Now as an operator of a commercial network (i.e. your customers like it
> > mostly up) wouldn't you do a calculated risk evaluation and opt for the
> > known safe - which you know 99% of your customers use - and block the rest
> > while pissing off the remaining 1%?
> > I know it sounds awful (like a calculation for vehicle safety recalls), but ...
> 
> 
> Fear is an excellent marketing tool, as we can see in politics, works every time.
> But I'd rather fix realised problems, rather than make unprovable assumptions
> of actions yielding to net benefit. The assumption here is, if we just allow
> ICMP types A, B and C we are gaining in security, can we substantiate that
> claim at all? We can substantiate easily that the proposed ICMP filter breaks
> real useful ICMP tooling.
> 
> 
From past experience my assumptions would be more along the lines of if it's not mainstream there's a higher likelihood that it might trigger exceptions in code.

adam




