tech-net archive
Re: ICMPv6 redirects
>>> I do understand why this is implemented this way. But shouldn't
>>> this be tunable?
>> [..."I think so"...]
> In this case, though, there's a security issue, though arguably one
> that's not a lot more serious than Neighbor Discovery without SEND.
What's the issue? I can't see anything wrong with this, unless the
threat model includes hostile machines in the same broadcast domain.
(Yes, there are plenty of environments where that's a necessary part of
the threat model, but there are also plenty of environments where it's
not, and I don't think it's sane to cater to the former to the extent
of making it require hacking the code to obtain certain reasonable
configurations for the latter.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B