[6bone] Headsup: Block messaging over IPv6 options
Xavier Roche
rocheml@httrack.com
Tue, 15 Jul 2003 22:35:53 +0200
Jeroen Massar wrote:
> Better start checking the IP addresses too, because I could easily:
Do you assume that we should filter /64 suffixes such as
3ffe:8114:2000:0240:cafe:babe:dead:beef
to avoid java hackers ? :)
> Think of the nice DNS tunnels :)
Or even encoding data using latency between regular IP packets
(>Nms = 1, <N/2ms=0), low-level error correction, and so on..
> If you really want to firewall your users: disconnect them.
Agree - there is IMHO a confusion between security and the control of
what kind of data can be transmitted - playing with IP packets and hiding
data on them has nothing to do with security
---
Xavier Roche
roche at httrack dot com