
Re: draft-ietf-v6ops-icmpv6-filtering-recs to informational



On Wed, Jun 14, 2006 at 05:28:11PM +0200, Gert Doering wrote:
> Hi,
> 
> On Tue, Jun 13, 2006 at 05:29:53PM -0700, Fred Baker wrote:
> > As to my comment on the Hop Limit, I did read the document. It  
> > states, in several places, that the recommendation is that the Hop  
> > Limit be set to 255 and tested for still being 255 on receipt. What I  
> > stated was that I would go at it a different way. If the packet is  
> > sent with Hop Limit = 1, it cannot pass a compliant router or  
> > firewall, so there is no need to test for whether it did or didn't.  
> > My way is, I think, more robust - it depends only on the sender, not  
> > the sender and the receiver. 
> 
> Well, actually I tend to disagree.  If you're concerned about security,
> you must assume that the sender will do everything possible to break
> things - and that way, he will NOT be well-behaved and send out packets
> with a TTL of 1.
> 
> Making the TTL=255? check on the receiver makes sure that the packet MUST
> come from a directly connected host - no matter how ill the intentions of
> the sender.

Hmm, this discussion looks very familiar ;)

-- 
Tim/::1
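
The two positions quoted above can be compared with a small model. This is an added example, not part of the original thread. It builds constructed IPv6/ICMPv6 Neighbor Discovery packets, passes them through compliant routers that decrement Hop Limit, and applies the receiver-side "still 255" test. The function names are hypothetical, and the parser assumes ICMPv6 directly follows the fixed IPv6 header (no extension headers).

```python
import struct

ICMPV6 = 58                              # IPv6 Next Header value for ICMPv6
ND_TYPES = {133, 134, 135, 136, 137}     # RS, RA, NS, NA, Redirect

def build_packet(hop_limit, icmp_type):
    """Constructed sample: 40-byte IPv6 header + 4-byte ICMPv6 stub (checksum zero)."""
    payload = struct.pack("!BBH", icmp_type, 0, 0)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # constructed addresses
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    header = struct.pack("!IHBB", 6 << 28, len(payload), ICMPV6, hop_limit)
    return header + src + dst + payload

def forward(packet, routers):
    """Model compliant routers: each decrements Hop Limit, drops the packet at zero."""
    hop = packet[7]
    for _ in range(routers):
        hop -= 1
        if hop <= 0:
            return None
    return packet[:7] + bytes([hop]) + packet[8:]

def nd_hop_limit_ok(packet):
    """Receiver-side test: accept an ND message only if Hop Limit is still 255."""
    if packet is None or len(packet) < 41:
        return False
    if packet[0] >> 4 != 6 or packet[6] != ICMPV6:
        return False
    if packet[40] not in ND_TYPES:
        return False
    return packet[7] == 255

if __name__ == "__main__":
    cases = [
        ("on-link, sent with 255", build_packet(255, 135), 0),
        ("well-behaved off-link sender, Hop Limit 1", build_packet(1, 135), 1),
        ("off-link sender ignoring the rule, sent with 64", build_packet(64, 135), 3),
        ("off-link sender, sent with 255", build_packet(255, 135), 1),
    ]
    for label, pkt, routers in cases:
        arrived = forward(pkt, routers)
        hop = None if arrived is None else arrived[7]
        print(f"{label}: arrives with Hop Limit {hop}, "
              f"accepted={nd_hop_limit_ok(arrived)}")
```

A sender-set Hop Limit of 1 stops only the sender that chooses to use it; the third case reaches the receiver regardless, and only the 255 test rejects it, because no off-link sender can make a packet arrive with 255 after a router has decremented it.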