[6bone] Headsup: Block messaging over IPv6 options

Xavier Roche rocheml@httrack.com
Tue, 15 Jul 2003 22:35:53 +0200


Jeroen Massar wrote:
> Better start checking the IP addresses too, because I could easily:

Do you assume that we should filter /64 suffixes such as
3ffe:8114:2000:0240:cafe:babe:dead:beef
to avoid Java hackers? :)

> Think of the nice DNS tunnels :)

Or even encoding data using latency between regular IP packets
(>N ms = 1, <N/2 ms = 0), low-level error correction, and so on...

> If you really want to firewall your users: disconnect them.

Agreed - there is IMHO a confusion between security and the control of
what kind of data can be transmitted - playing with IP packets and hiding
data in them has nothing to do with security.


---
Xavier Roche
roche at httrack dot com