Re: [j-nsp] BGP tcp/179 security on JunOS

From: Niels Chr. Bank-Pedersen (ncbp@bank-pedersen.dk)
Date: Tue Sep 04 2001 - 18:04:30 EDT


On Tue, Sep 04, 2001 at 02:38:10PM -0700, Greg Ketell wrote:
> At 02:23 PM 9/4/2001, Lane Patterson wrote:
>
> >Yes, and they are unnecessary, and have been as far back as I'm aware,
> >which is IOS 11.x-12.x, including a few that I just sanity tested so I
> >wouldn't look like an idiot sending out this mail :-) I haven't tested
> >any old 10.3 routers.
> >
> >IOS does in fact behave as I've described, without extra effort, and I
> >doubt it would be too hard for any other leading favorite vendor to
> >incorporate this most logical behavior (Greg?) :-)
>
> Already forwarded to the developers for internal discussion. :->

Another similar problem exists for LDP - this, however, is not
as easily solved since knowledge of potential peers doesn't
(always) exist. In the case of local Label Distribution Peers,
a router could probably maintain a list of (or check for) valid
source addresses among the adjacent peers before engaging in
a TCP handshake, but with remote Label Distribution Peers as
seen with TE (MPLS-RSVP-TUNNELS) and similar, one would have
to check the whole IGP domain. Someone could probably come up
with corner cases where that isn't enough either.
Then again, one could just make sure that there is no way to
exploit the LDP process to begin with :P

> GK

/Niels Chr.

-- 
 Niels Christian Bank-Pedersen, NCB1-RIPE.

"Hey, are any of you guys out there actually *using* RFC 2549?"



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT