[nsp] ipv6 address ::X/128 on Cisco router

Tantsura, Jeff jeff.tantsura at capgemini.com
Sun Jun 20 11:11:52 EDT 2004




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
Sent: Saturday, June 19, 2004 12:08 AM
To: Stephen J. Wilcox
Cc: Ryan O'Connell; Gert Doering; cisco-nsp at puck.nether.net
Subject: Re: [nsp] ipv6 address ::X/128 on Cisco router

Hi,

On Fri, Jun 18, 2004 at 09:48:49PM +0100, Stephen J. Wilcox wrote:
> I thought (and can't find a link to confirm this so I may be wrong..)
> that 127/8 is implicitly dropped on ingress as it is not a valid
> address for a router?

The hosts requirements RFC requires that packets with such a source or
destination address never appear on the wire.

Recent worms have demonstrated that Microsoft programmers don't know
this - Windows worms have been seen sending out packets with a source IP
of 127.0.0.1 (source port 80) to random destinations, and both C and J
routers happily forward them, unless uRPF (or similar) is applied.

Right, I've seen 1000000's of these on UNIX's firewalls.

Jeff
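
An added example, not part of the original messages: a simplified Python model of the forwarding behaviour discussed above, showing why a 127.0.0.1-sourced packet is forwarded by destination lookup alone, dropped by a strict reverse-path check on a customer port, and still needs an explicit loopback filter where a default route points back out the receiving interface. The routing table, interface names and function names are constructed, and letting the default route satisfy the reverse-path check is an assumption of this model.

```python
import ipaddress

# Constructed routing table for a hypothetical edge router: prefix -> interface.
FIB = [(ipaddress.ip_network(p), ifc) for p, ifc in [
    ("0.0.0.0/0", "uplink0"),
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
]]


def lookup(addr):
    """Longest-prefix match: return the interface toward addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifc) for net, ifc in FIB if ip in net]
    return max(matches)[1] if matches else None


def forward(src, dst, in_ifc, urpf=False, drop_loopback=False):
    """Return the forwarding decision for one packet as a string."""
    # Explicit filter: 127/8 as source or destination must never be on the wire.
    if drop_loopback and (ipaddress.ip_address(src).is_loopback
                          or ipaddress.ip_address(dst).is_loopback):
        return "drop: loopback address on the wire"
    # Strict reverse-path check: the route back to the source must use in_ifc.
    if urpf and lookup(src) != in_ifc:
        return "drop: uRPF failed"
    # Plain forwarding consults only the destination address.
    out_ifc = lookup(dst)
    return f"forward via {out_ifc}" if out_ifc else "drop: no route"


if __name__ == "__main__":
    # Constructed packets: (source, destination, ingress interface).
    worm = ("127.0.0.1", "203.0.113.9", "cust1")
    print("no check:        ", forward(*worm))
    print("uRPF on cust1:   ", forward(*worm, urpf=True))
    print("legit customer:  ", forward("192.0.2.10", "203.0.113.9", "cust1", urpf=True))
    # Arriving on the uplink, the default route satisfies the reverse-path check.
    inbound = ("127.0.0.1", "192.0.2.10", "uplink0")
    print("uRPF on uplink0: ", forward(*inbound, urpf=True))
    print("loopback filter: ", forward(*inbound, urpf=True, drop_loopback=True))
```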







