[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

Narelle narellec at gmail.com
Fri Nov 8 16:57:48 EST 2013


On Fri, Nov 8, 2013 at 3:06 PM, David Miller <dmiller at tiggee.com> wrote:
> On 11/7/2013 10:20 PM, Dobbins, Roland wrote:
>> There are no technical solutions to social ills.  If this comes to pass, we will all regret it.
>
> There have been throughout history, many many technical solutions to
> social ills.

This is the only RFC that will fix things. It should be applied immediately.

http://www.ietf.org/rfc/rfc3514.txt

The Security Flag in the IPv4 Header

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   Firewalls, packet filters, intrusion detection systems, and the like
   often have difficulty distinguishing between packets that have
   malicious intent and those that are merely unusual.  We define a
   security flag in the IPv4 header as a means of distinguishing the two
   cases.

1. Introduction

   Firewalls [CBR03], packet filters, intrusion detection systems, and
   the like often have difficulty distinguishing between packets that
   have malicious intent and those that are merely unusual.  The problem
   is that making such determinations is hard.  To solve this problem,
   we define a security flag, known as the "evil" bit, in the IPv4
   [RFC791] header.  Benign packets have this bit set to 0; those that
   are used for an attack will have the bit set to 1.

etc


Cheers


N
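
An added example, not part of the original post or of RFC 3514: reading the bit from a raw IPv4 header. It assumes the position given in the RFC's own text (not quoted above), the high-order bit of the flags/fragment-offset word, which RFC 791 reserves as zero; the function names and sample addresses are constructed for illustration.

```python
import socket
import struct

RESERVED_BIT = 0x8000  # high-order bit of the flags/fragment-offset word
DF_BIT, MF_BIT, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF


def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (the IPv4 header checksum)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, flags_frag: int) -> bytes:
    """Constructed 20-byte sample header (no options, no payload, TCP)."""
    fields = [0x45, 0, 20, 0x1234, flags_frag, 64, 6, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = inet_checksum(raw)  # fill in the checksum field
    return struct.pack("!BBHHHBBH4s4s", *fields)


def inspect(packet: bytes) -> dict:
    """Parse an IPv4 header and report the RFC 3514 bit plus sanity checks."""
    if len(packet) < 20:
        raise ValueError("truncated: IPv4 header needs at least 20 bytes")
    ver_ihl, _, _, _, flags_frag = struct.unpack("!BBHHH", packet[:8])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or ihl > len(packet):
        raise ValueError(f"bad header length {ihl}")
    return {
        "evil": bool(flags_frag & RESERVED_BIT),
        "dont_fragment": bool(flags_frag & DF_BIT),
        "more_fragments": bool(flags_frag & MF_BIT),
        "frag_offset": flags_frag & OFFSET_MASK,
        # Summing a header that includes a correct checksum yields 0.
        "checksum_ok": inet_checksum(packet[:ihl]) == 0,
    }
```

Because the header checksum covers the flags word, a bit flipped in transit without recomputing the checksum shows up as checksum_ok being False.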


