Erik Kline <[email protected]> wrote:
> Some observations, and questions for the working group.
> I'm not sure we have enough input on whether 511 is useful or not.
> There seemed to be some suggestion it would help, and some that it
> wouldn't. Perhaps one question we could ask is whether it's harmful?
> And if we agree it's not harmful, is it worth developing some
> recommendations for its use?
I think you are asking the right question here.
> As for the ICMP unreachable option, I certainly don't think it would
> be harmful (with the extra URL bits removed for now). Is that
> something we wish to progress?
I am keen to see it progress as you describe.
> Given that we're probably looking at a portal detection method based
> on entirely new work, it seems to me we're free to look at new things
> like utilizing the PVD detection scheme (DNS queries for "provisioning
> domain names", followed by other interaction still TBD). Have the
> portal implementors reviewed this and given consideration as to
> whether it's useful? (I think of the discovery of the portal and
> subsequent interaction with it as 2 separate processes conducted,
> obviously, in serial.)
On this topic, I imagine you have all read about:
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
In which the investigator discovers that this malware looked for zones that
ought not to exist, and if they did, assumed it was in a quarantine/lab.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-