Subject: Re: NetBSD as a Jumpstart server -- a gotcha!
To: None <thorpej@zembu.com>
From: Atsushi Onoe <onoe@sm.sony.co.jp>
List: tech-net
Date: 06/28/2000 23:04:07

Perhaps I don't follow the context ...
> So, would a:
>
> net.inet.icmp.maskrepl -> 1
> net.inet.icmp.maskreplttl -> 1
>
> default sound okay?
No. RFC 1122 (Host Requirements) 3.2.2.9 clearly prohibits it.
| A system MUST NOT send an Address Mask Reply unless it is an
| authoritative agent for address masks. An authoritative
| agent may be a host or a gateway, but it MUST be explicitly
| configured as a address mask agent. Receiving an address
| mask via an Address Mask Reply does not give the receiver
| authority and MUST NOT be used as the basis for issuing
| Address Mask Replies.
| DISCUSSION
| Hosts that casually send Address Mask Replies with
| invalid address masks have often been a serious
| nuisance. To prevent this, Address Mask Replies ought
| to be sent only by authoritative agents that have been
| selected by explicit administrative action.
Atsushi
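
Added example, not part of the original message: a passive check over captured ICMP messages that flags Address Mask Replies (type 18) sent by hosts that were not explicitly configured as agents, or that carry a non-contiguous mask, the two problems the quoted RFC text describes. The function names, the AGENTS set and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import struct

ICMP_MASKREPLY = 18  # Address Mask Reply (RFC 950); the request is type 17

def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_mask_reply(ident: int, seq: int, mask: str) -> bytes:
    """Construct a sample Address Mask Reply (used only as test input)."""
    body = struct.pack("!HH4s", ident, seq, ipaddress.IPv4Address(mask).packed)
    csum = icmp_checksum(struct.pack("!BBH", ICMP_MASKREPLY, 0, 0) + body)
    return struct.pack("!BBH", ICMP_MASKREPLY, 0, csum) + body

def mask_is_contiguous(mask: int) -> bool:
    """True if the 32-bit mask is a run of 1 bits followed by 0 bits."""
    inverted = ~mask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def audit_mask_reply(src: str, icmp: bytes, agents: set) -> list:
    """Return findings for one ICMP message; an empty list means nothing to report."""
    if len(icmp) < 12 or icmp[0] != ICMP_MASKREPLY:
        return []                       # not an Address Mask Reply
    if icmp_checksum(icmp) != 0:        # a valid message sums to zero
        return ["bad-checksum"]
    findings = []
    if src not in agents:               # sender was never configured as an agent
        findings.append("non-authoritative-sender")
    (mask,) = struct.unpack("!I", icmp[8:12])
    if not mask_is_contiguous(mask):
        findings.append("invalid-mask")
    return findings

# Constructed sample data; AGENTS holds the explicitly configured mask agents.
AGENTS = {"192.0.2.1"}
SAMPLES = [
    ("192.0.2.1", build_mask_reply(1, 1, "255.255.255.0")),
    ("192.0.2.77", build_mask_reply(1, 1, "255.255.255.0")),
    ("192.0.2.78", build_mask_reply(1, 2, "255.0.255.0")),
]
if __name__ == "__main__":
    for src, msg in SAMPLES:
        print(src, audit_mask_reply(src, msg, AGENTS) or "ok")
```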