On Feb 8, 2015, at 11:58 PM, Brian E Carpenter <[email protected]> wrote: > A middlebox that is trying to flush out a specific type of > upper layer protocol (such as DHCPv6) needs to parse all extension > headers, including ones it doesn't understand, in case there is > an instance of the upper layer protocol behind it. > > In the real world, that means that such middleboxes, if they are > of the paranoid security persuasion, will discard packets that, > as far as they are concerned, are unparseable.
Can you explain, in detail, what a DHCPv6 packet would look like that would get past a filter because either it used unknown extension headers, or an unknown protocol header? _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
