On Mon, 27 Feb 2023 at 10:16, Rolf Winter <rolf.winter@hs-augsburg.de> wrote:
> "https://downforeveryoneorjustme.com/". But, somebody might use your server for this. How do people feel about this? Restrict the reverse traceroute operation to be done back to the source or allow it more freely to go anywhere?
What are the pros and cons of this? Let's call it destination TLV. If I am someone who wants to do a volumetric attack, I won't set any destination TLV, because without a destination TLV and by spoofing my source, I get more leverage. If my source and destination TLV differ, then I have less leverage. So in this sense, it adds no security implications, but adds a massive amount of diagnostic power, as one very common request is to ask for a traceroute between nodes you have no access to.

What it would allow is port knocking the ports used through a proxy; whether this matters or not might be debatable.

Perhaps the standard should consider some abilities to be default on, and others default off, and let the operator decide if they want to turn some default-off abilities on, such as honoring the destination TLV.

-- 
++ytti
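The "default on / default off, operator decides" model from the reply above, as an added illustration that is not part of the thread or of any reverse traceroute draft or implementation. The capability names, the `Policy`/`Request` types, the per-target trace budget and the rule that a destination TLV equal to the requester's own source is always harmless are assumptions made for this example:

```python
"""Hypothetical responder-side policy for a reverse traceroute service.

Added example, not from the thread or any draft. Capability names, defaults
and the per-target budget are assumptions for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Optional

# Assumed capabilities with their assumed defaults; the operator may override each.
DEFAULT_CAPABILITIES = {
    "reverse_traceroute_to_source": True,  # default on: trace back to the requester
    "honor_destination_tlv": False,        # default off: trace toward a third party
}


@dataclass
class Request:
    source: str                            # address the request claims to come from
    destination_tlv: Optional[str] = None  # optional requested trace target (assumed field)


@dataclass
class Policy:
    overrides: dict = field(default_factory=dict)  # operator overrides of DEFAULT_CAPABILITIES
    max_traces_per_target: int = 3                  # assumed cap on traces issued toward one target
    issued: dict = field(default_factory=dict)      # traces issued so far, keyed by target

    def enabled(self, capability: str) -> bool:
        return self.overrides.get(capability, DEFAULT_CAPABILITIES[capability])

    def charge(self, target: str) -> bool:
        """Consume one unit of the per-target budget; False when exhausted."""
        used = self.issued.get(target, 0)
        if used >= self.max_traces_per_target:
            return False
        self.issued[target] = used + 1
        return True


@dataclass
class Decision:
    allowed: bool
    target: Optional[str]
    reason: str


def decide(policy: Policy, req: Request) -> Decision:
    """Pick the trace target for a request, or refuse it, under the operator's policy."""
    try:
        src = ip_address(req.source)
        dst = ip_address(req.destination_tlv) if req.destination_tlv is not None else None
    except ValueError:
        return Decision(False, None, "malformed address in request")

    if dst is None or dst == src:
        # No TLV, or a TLV naming the requester itself: plain reverse traceroute.
        if not policy.enabled("reverse_traceroute_to_source"):
            return Decision(False, None, "reverse traceroute to source disabled")
        target = str(src)
        reason = "tracing back to source"
    else:
        # TLV names a third party: only if the operator turned the default-off ability on.
        if not policy.enabled("honor_destination_tlv"):
            return Decision(False, None, "destination TLV differs from source; not honored by default")
        target = str(dst)
        reason = "operator enabled third-party destinations"

    # Budget applies regardless of who asked, so no single target absorbs unbounded probes.
    if not policy.charge(target):
        return Decision(False, None, f"trace budget exhausted for {target}")
    return Decision(True, target, reason)


if __name__ == "__main__":
    # Constructed sample requests using documentation prefixes.
    default_policy = Policy()
    print(decide(default_policy, Request("192.0.2.10")))
    print(decide(default_policy, Request("192.0.2.10", "198.51.100.7")))
    print(decide(Policy(overrides={"honor_destination_tlv": True}),
                 Request("192.0.2.10", "198.51.100.7")))
```

With the assumed defaults, a request carrying no destination TLV (or one naming the requester) is served back to the claimed source, a request naming anyone else is refused, and flipping `honor_destination_tlv` on is an explicit operator choice; the per-target budget is a separate, always-on limit so that the "trace back to source" path is also bounded.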