Class E addresses? 240/4 history

Eliot Lear lear at ofcourseimright.com
Mon Nov 22 10:39:31 UTC 2021


Hi John,


On 22.11.21 10:25, John Gilmore wrote:
> Eliot Lear <lear at ofcourseimright.com> wrote:
>
> I was not in this part of IETF in those days, so I did not participate
> in those discussions.  But I later read them on the archived mailing
> list, and reached out by email to Dave Thaler for more details about his
> concerns.  He responded with the same general issues (and a request that
> we and everyone else spend more time on IPv6).  I asked in a subsequent
> message for any details he has about such products that he thought would
> fail.  He was unable or unwilling to point out even a single operating
> system, Internet node type, or firewall product that would fail unsafely
> if it saw packets from the 240/4 range.

To be fair, you were asking him to recall a conversation that did take 
place quite some time earlier.

> As documented in our Internet-Draft, all such products known to us
> either accept those packets as unicast traffic, or reject such packets
> and do not let them through.  None crashes, reboots, fills logfiles with
> endless messages, falls on the floor, or otherwise fails.  No known
> firewall is letting 240/4 packets through on the theory that it's
> perfectly safe because every end-system will discard them.
>
> As far as I can tell, what Eliot says really stopped this proposal in
> 2008 was Dave's hand-wave of *potential* concern, not an actual
> documented problem with the proposal.

I wouldn't go so far as to call it a hand wave.  You have found devices 
that drop packets.  That's enough to note that this block of space would 
not be substitutable for other unicast address space.  And quite 
frankly, unless you're testing every device ever made, you simply can't 
know how this stuff will work in the wild. That's ok, though, so long as 
the use is limited to environments that can cope with it.

> If anyone knows an *actual* documented problem with 240/4 packets,
> please tell us!
>
> (And as I pointed out subsequently to Dave, if any nodes currently in
> service would *actually* crash if they received a 240/4 packet, that's a
> critical denial of service issue.  For reasons completely independent
> from our proposal, those machines should be rapidly identified and
> patched, rather than remaining vulnerable from 2008 thru 2021 and
> beyond.  It would be trivial for an attacker to send such
> packets-of-death from any Linux, Solaris, Android, MacOS, or iOS machine
> that they've broken into on the local LAN.  And even Windows machines
> may have ways to send raw Ethernet packets that could be crafted by
> an attacker to appear to be deadly IPv4 240/4 packets.)

Right, and indeed there are devices out there that have been known to 
stop functioning properly under certain forms of attack, regardless of 
the source address.

Eliot
