[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP for securing IPv6 Linux end node in AWS

Subject: BCP for securing IPv6 Linux end node in AWS
From: saku at ytti.fi (Saku Ytti)
Date: Sun, 14 May 2017 17:30:12 +0300
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On 14 May 2017 at 16:49, Eric Germann <ekgermann at semperen.com> wrote:

Hey,

> For example, on the IPv4 side, there arguably is no value to timestamp requests and address mask requests externally, so dump them.

It's very dangerous proposal when we start considering everything 0
value which isn't value to ourselves currently. Is ICMP TS known
attack vector? It has one particularly useful diagnostic purpose, you
can use it to measure unidirectional latencies up-to 1ms accuracy. It
has on occasions reduced needed troubleshooting time and reduced
amount of people who need to look into the problem.

-- 
  ++ytti

References:
- BCP for securing IPv6 Linux end node in AWS
  - From: ekgermann at semperen.com (Eric Germann)
- BCP for securing IPv6 Linux end node in AWS
  - From: alarig at swordarmor.fr (Alarig Le Lay)
- BCP for securing IPv6 Linux end node in AWS
  - From: ekgermann at semperen.com (Eric Germann)

Prev by Date: BCP for securing IPv6 Linux end node in AWS
Next by Date: SAFNOG-3: 4th - 7th September, 2017 - Durban, South Africa!
Previous by thread: BCP for securing IPv6 Linux end node in AWS
Next by thread: BCP for securing IPv6 Linux end node in AWS
Index(es):
- Date
- Thread