Re: WIndows Updates Fail Via IPv6 - Update!

[Fernando Gont <fgont () si6networks com>]

On 3/3/19 20:16, Mark Andrews wrote:
> > On 4 Mar 2019, at 9:33 am, Stephen Satchell <list () satchell net> wrote:
> >
> > On 3/3/19 1:04 PM, Mark Andrews wrote:
> > > There are lots of IDIOTS out there that BLOCK ALL ICMP.  That blocks PTB getting
> > > back to the TCP servers.
> >
> > For those of us who are in the dark, "PTB" appears to refer to "Packet
> > Too Big" responses in ICMPv6.
> >
> > Yes, some admins don't have fine-enough grain tools to block or throttle
> > specific types of ICMP, but that's the fault of the vendors, not the admins.
>
> No, it is the fault of the admins.  They should be making it part of the purchasing
> decision if they want to filter ICMP.  It’s not like selective filtering is a new idea.
> It is well over 20 years old at this stage.  The amount of +20 year old equipment on the
> net is minimal.  
>
> That said modern OS’s don’t need other equipment to “protect" them from ICMP of any form.

These news don't help in that direction:
https://www.theregister.co.uk/2016/06/02/cisco_warns_of_ipv6_dos_vulnerability/

(I'm not complaining about the news, but about the bugs, if you wish)

-- 
Fernando Gont
SI6 Networks
e-mail: fgont () si6networks com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492