<div dir="ltr"><div><br></div><div>The CYMRU page is pretty IPv4 specific. It’s not even attempting to touch on IPv6 as yet. Same as what it originated from, e.g. the Secure IOS template.</div><div><br></div><div class="gmail_extra">
<br><div class="gmail_quote">On 23 November 2015 at 17:25, Jeremy Visser <span dir="ltr">&lt;<a href="mailto:jeremy.visser@gmail.com" target="_blank">jeremy.visser@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Mon, Nov 23, 2015 at 2:15 PM, David Hughes &lt;<a href="mailto:david@hughes.com.au">david@hughes.com.au</a>&gt; wrote:<br>
> Team Cymru could be a good first point of reference.<br>
> <a href="https://www.cymru.com/Documents/icmp-messages.html" rel="noreferrer" target="_blank">https://www.cymru.com/Documents/icmp-messages.html</a><br>
<br>
</span>Ouch. That page doesn't suggest allowing ICMP "Packet Too Big" which<br>
is a recipe for tarpitting TCP should you use IPv6 on a &lt;1500 MTU<br>
network and don't hack your TCP MSS.<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br></div></div>
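<div>Added example (not part of the original thread): a small Python audit for the point raised in the quoted message, namely whether a filter policy lets ICMPv6 "Packet Too Big" (type 2) through. It assumes a Linux <code>ip6tables-save</code> ruleset, which the thread does not mention; the function name and both sample rulesets are constructed for illustration, and only a few match options are modelled.</div>

```python
import shlex

PTB_TYPES = {"2", "packet-too-big"}        # ICMPv6 type 2 and its ip6tables name
ICMP6_PROTOS = {"ipv6-icmp", "icmpv6", "58"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
VALUED = {"-p", "-m", "--icmpv6-type", "--ctstate", "-j", "--reject-with"}

def ptb_verdict(ruleset, chain="INPUT"):
    """Verdict for an ICMPv6 Packet Too Big error tied to an existing flow."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":" + chain]:            # ":INPUT DROP [0:0]" sets the policy
            policy = tok[1]
        if tok[:2] != ["-A", chain]:
            continue
        opts, narrowed, i = {}, False, 2
        while i < len(tok):
            if tok[i] in VALUED and i + 1 < len(tok):
                opts[tok[i]] = tok[i + 1]
                i += 2
            else:                                # -i, -s, --dport, "!" ...: not modelled
                narrowed = True
                i += 1
        if narrowed or opts.get("-j") not in TERMINAL:
            continue                             # skip partial matches and chain jumps
        if opts.get("-p", "ipv6-icmp") not in ICMP6_PROTOS:
            continue
        if opts.get("--icmpv6-type", "2") not in PTB_TYPES:
            continue
        # conntrack classifies ICMP errors as RELATED, never ESTABLISHED
        if "RELATED" not in opts.get("--ctstate", "RELATED").split(","):
            continue
        return opts["-j"]                        # first matching rule wins
    return policy

# Constructed sample: echo-request is allowed, Packet Too Big is not.
WEAK = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""
# Constructed fix: an explicit accept for type 2.
FIXED = WEAK + "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT\n"

if __name__ == "__main__":
    print("weak:", ptb_verdict(WEAK), "fixed:", ptb_verdict(FIXED))
```

<div>Rules that carry unmodelled options are skipped rather than guessed at, so a verdict of DROP means no unconditional accept for Packet Too Big was found.</div>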