Subject: Re: heads up: IPv6 routing header 0 issues
To: None <tech-net@NetBSD.org>
From: Gert Doering <gert@greenie.muc.de>
List: tech-net
Date: 04/25/2007 09:36:17
Bernd Ernesti wrote:
>On Wed, Apr 25, 2007 at 08:46:05AM +0200, Gert Doering wrote:
>> I'm not sure whether "the NetBSD network folks" are aware of the following
>> issue:
>>
>> http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
[..]
>I guess you are talking about the following commit:
>: Date: Sun, 22 Apr 2007 19:47:42 +0000 (UTC)
>: From: Christos Zoulas <christos@NetBSD.org>
>: Subject: CVS commit: src
[..]
>: Log Message:
>: Disable processing of routing header type 0 packets since they can be used
>: for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).

Indeed, that would be the necessary change.

I am not following the CVS commit messages - I checked tech-net, didn't
find anything here, nothing in any of the announcement lists either, so
I decided to err on the safe side, and bring it up here.

What about a pullup to netbsd-3 and netbsd-2?

gert
--
gert@greenie.muc.de fax: +49-89-35655025 http://alpha.greenie.net/mgetty/
One difference between a man and a machine
is that a machine is quiet when well oiled.
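
The behaviour the quoted commit message describes (drop packets carrying a type 0 routing header unless a switch re-enables them), sketched as an added example that is not part of this mail thread and not NetBSD's kernel code. The function name, return codes and the `allow_rht0` parameter (standing in for the `net.inet6.ip6.rht0` sysctl) are hypothetical; the header layout follows RFC 2460.

```c
#include <stddef.h>
#include <stdint.h>

enum { PKT_ACCEPT = 0, PKT_DROP_RH0 = 1, PKT_MALFORMED = -1 };

/* IPv6 Next Header values for the extension headers walked here. */
#define NH_HOPOPTS  0
#define NH_ROUTING  43
#define NH_FRAGMENT 44
#define NH_DSTOPTS  60

/*
 * Walk the extension header chain of a raw IPv6 packet and decide whether
 * it carries a type 0 routing header. allow_rht0 models the sysctl from the
 * commit message (0 = drop). Any other next-header value, including AH and
 * ESP, is treated as the end of the chain in this sketch.
 */
int rh0_verdict(const uint8_t *pkt, size_t len, int allow_rht0)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return PKT_MALFORMED;           /* not a complete IPv6 header */

    uint8_t nh = pkt[6];                /* Next Header of the fixed header */
    size_t off = 40;                    /* invariant: off <= len */

    for (;;) {
        size_t hlen;

        if (nh != NH_HOPOPTS && nh != NH_ROUTING &&
            nh != NH_FRAGMENT && nh != NH_DSTOPTS)
            return PKT_ACCEPT;          /* upper-layer protocol reached */
        if (len - off < 8)
            return PKT_MALFORMED;       /* truncated extension header */

        /* Fragment header is always 8 bytes; others use Hdr Ext Len. */
        hlen = (nh == NH_FRAGMENT) ? 8 : ((size_t)pkt[off + 1] + 1) * 8;
        if (len - off < hlen)
            return PKT_MALFORMED;

        if (nh == NH_ROUTING && pkt[off + 2] == 0 && !allow_rht0)
            return PKT_DROP_RH0;        /* Routing Type field is 0 */

        /* A non-first fragment has no further headers to parse. */
        if (nh == NH_FRAGMENT &&
            (((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8) != 0)
            return PKT_ACCEPT;

        nh = pkt[off];                  /* Next Header of this header */
        off += hlen;
    }
}
```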