> On Dec 5, 2018, at 5:54 AM, Nick Hilliard <[email protected]> wrote:
>
> Joe Touch wrote on 05/12/2018 13:12:
>> The choices below don’t include declaring this a security risk and
>> turning it off.
>> If you want to change the standard, do so. But this isn’t a step
>> in that direction. And the previous attempts only show why IPv6
>> has adoption problems.
>> The standard can still be changed, but regardless, this simply is not
>> a security issue and shouldn’t be sold as one.
> If J Random Hacker in his mom's basement can launch an attack which takes
> down your network core because your management planes can't handle 1Tbit, or
> more realistically 10gbit, of HBH packets, then that is categorically a
> network security issue, even if it is a secondary effect.

So every SNMP packet is an attack as well? As is every routing packet?

A security issue is created when a packet can cause *disproportionate* load. Otherwise it’s just called load.

The security issue is the implementation not throttling such packets to avoid having 10G of them shutting down the control plane. Yes, that’s a security issue, but it’s not the fault of the HBH packets.

Joe
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
