On 1-Oct-2007, at 0511, Jari Arkko wrote:
Hi David, and thanks for your review. Inline:
As such, the whole document is a security consideration. The
vulnerability appears well-documented, and the guidelines for
handling
the deprecated RH0 are clear.
Good.
Just by-the-by, I noticed the first reports of peoples' "block-rh0"
filters in live production networks taking hits yesterday. The notes
I saw showed periods of low-volume, low-frequency packets with RH0,
and also periods in which the traffic volume was noticeably higher.
The reports I saw featured source addresses in CERNET in China. It
was not obvious whether those had been spoofed.
It is of course difficult go gauge the motivation for sending the
packets when you're on the receiving end. However, I thought it
noteworthy that such things had been seen, recently, in the wild.
Joe
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf