[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Inflexible ICMP6 Error-limiting Considered Harmful

Subject: Inflexible ICMP6 Error-limiting Considered Harmful
From: [email protected] ([email protected])
Date: Thu, 19 Jul 2001 00:48:17 +0900
In-reply-to: pekkas's message of Tue, 17 Jul 2001 21:55:01 +0300. <[email protected]>

	this portion is implementation-dependent (as described in RFC2463) so
	noone is right and noone is wrong, but...

>Real fix would be to implement _error-rate_, in addition to
>_error-interval_ (with sane defaults).  For example, if sampling period
>would be 100 ms and it would be acceptable to have 5 _packets_ per period,
>the potential denial of service attacks would be prevented but the
>traceroute, etc. functionality would still work.

	during KAME development process, it was found that error interval
	limitation is not a good way.  we now impose "maximum N outgoing
	icmp6 per second" (packet-per-second) limitation, which works quite
	well.

itojun

Follow-Ups:
- Inflexible ICMP6 Error-limiting Considered Harmful
  - From: [email protected] ([email protected])

References:
- Inflexible ICMP6 Error-limiting Considered Harmful
  - From: [email protected] (Pekka Savola)

Prev by Date: Inflexible ICMP6 Error-limiting Considered Harmful
Next by Date: 6bone pTLA 3FFE:8260::/28 allocated to COMPENDIUM-AR
Previous by thread: Inflexible ICMP6 Error-limiting Considered Harmful
Next by thread: Inflexible ICMP6 Error-limiting Considered Harmful
Index(es):
- Date
- Thread