That vulnerability sounds quite like what a lot of us
have been saying for years....hummm...

73,
- Lynwood KB3VWG

True! I have mentioned many times that it is best to filter incoming protocol-4 based on
a list of valid gateway addresses,
and also to filter traffic from those tunnels with filters allowing only AMPRnet addresses
(except from amprgw when you use that to receive traffic from internet).
We can only hope that this "discovery" and CERT registration will not lead to
broad "protocol 4 blocks" by ISPs and transit providers, as has happened with
NTP traffic when that was the topic.
Maybe another motivation to move from the IPIP mesh to something more modern?
Rob
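
The two filters described in the message above, written out as an added example that is not part of the original post: outer protocol-4 packets are accepted only from listed gateways, and the inner source must be an AMPRnet address unless the tunnel comes from amprgw. The gateway and amprgw addresses are constructed placeholders from documentation ranges, and the AMPRnet prefixes are an assumption to check against the current allocation.

```python
import ipaddress
import struct

# Constructed sample values (documentation address ranges), not real gateways.
VALID_GATEWAYS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("198.51.100.7")}
AMPRGW = ipaddress.ip_address("203.0.113.1")  # placeholder for the amprgw address
# Assumption: AMPRnet prefixes; verify against the current allocation.
AMPRNET = [ipaddress.ip_network("44.0.0.0/9"), ipaddress.ip_network("44.128.0.0/10")]
IPPROTO_IPIP = 4


def parse_ipv4(buf):
    """Return (protocol, source address, payload), or None if the header is malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    return buf[9], ipaddress.ip_address(buf[12:16]), buf[ihl:]


def verdict(packet):
    """Apply the outer gateway filter, then the inner source filter."""
    outer = parse_ipv4(packet)
    if outer is None:
        return "drop: malformed outer header"
    proto, outer_src, payload = outer
    if proto != IPPROTO_IPIP:
        return "pass: not protocol 4"
    if outer_src != AMPRGW and outer_src not in VALID_GATEWAYS:
        return "drop: unknown gateway"
    inner = parse_ipv4(payload)
    if inner is None:
        return "drop: malformed inner header"
    if outer_src == AMPRGW:
        return "accept: via amprgw"  # internet-sourced traffic arrives this way
    if any(inner[1] in net for net in AMPRNET):
        return "accept: AMPRnet source"
    return "drop: non-AMPRnet inner source"


def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload
```

On a real gateway the same two checks would be expressed as firewall rules, with the gateway list regenerated whenever the mesh's gateway table changes.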