On 2021-09-15, at 21:59, Bjørn Mork <bjorn@mork.no> wrote:
Philip Homburg <philip.homburg@ripe.net> writes:
As far as I know, this is a well-known Juniper bug where their routers forward ICMP errors without checking whether the source address is link-local.
Thinking about this...
If you can't verify the source, which with LL you cannot as they are on every interface around the world, it is spoofable. Do you really want to receive a fe80::/10 at your recursive DNS service as a request (which could be valid, locally)? fe80::/10 should never have a TTL other than 1... it is link-local.

The whole point of the thread is to find networks that allow non-routed addresses, the standard BCP38 trick. Detecting RFC1918 in traceroutes might just be a cheap-ish way to identify these kinds of networks (especially when outbound NAT happens, thus spoofing gets killed).

Greets,
Jeroen
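Added example, not code from anyone in the thread: a small Python script that does the "detect RFC1918 in traceroutes" check Jeroen describes, plus the "is this ICMP error source verifiable" test behind Philip's point. It parses traceroute output lines, classifies each hop's address against RFC 1918, 169.254.0.0/16 and fe80::/10, and reports hops that should never appear on a path across the Internet. The traceroute lines and the addresses in them are constructed sample data (documentation prefixes 203.0.113.0/24 and 2001:db8::/32), not a real trace.

```python
import ipaddress
import re

# Address blocks that must never show up as a hop on a path across the Internet:
# RFC 1918 private space and the IPv4 (169.254/16) and IPv6 (fe80::/10) link-local ranges.
NON_ROUTABLE = {
    "rfc1918": [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("172.16.0.0/12"),
                ipaddress.ip_network("192.168.0.0/16")],
    "ipv4-link-local": [ipaddress.ip_network("169.254.0.0/16")],
    "ipv6-link-local": [ipaddress.ip_network("fe80::/10")],
}


def classify(addr: str) -> str:
    """Return the non-routable class of an address, or 'routable'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        # Containment across IP versions is simply False, so mixing v4/v6 is safe here.
        if any(ip in net for net in nets):
            return label
    return "routable"


# Matches the hop number and the first address on a traceroute output line.
# Handles "n  host (addr) ..." and "n  addr ..." forms; a "* * *" line yields no match.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\()?([0-9a-fA-F:.]+)\)?")


def parse_hop(line: str):
    """Return (hop_number, address) for a traceroute line, or None if it has no address."""
    m = HOP_RE.match(line)
    if not m:
        return None
    hop, addr = m.groups()
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return None
    return int(hop), addr


def flag_non_routable_hops(lines):
    """Return [(hop, address, class)] for every hop whose address is not routable."""
    findings = []
    for line in lines:
        parsed = parse_hop(line)
        if parsed is None:
            continue
        hop, addr = parsed
        label = classify(addr)
        if label != "routable":
            findings.append((hop, addr, label))
    return findings


def icmp_error_source_is_verifiable(src: str) -> bool:
    """An ICMP error whose source is fe80::/10 cannot be tied to any particular link
    once it has been forwarded by a router, so it should not be trusted."""
    return classify(src) != "ipv6-link-local"


# Constructed sample traceroute output (hypothetical hops; documentation prefixes only).
SAMPLE_TRACEROUTE = [
    " 1  192.168.1.1 (192.168.1.1)  1.203 ms",
    " 2  10.20.30.1 (10.20.30.1)  4.771 ms",
    " 3  * * *",
    " 4  core.example.net (203.0.113.7)  9.002 ms",
    " 5  fe80::1 (fe80::1)  12.400 ms",
    " 6  2001:db8::1 (2001:db8::1)  15.000 ms",
]

if __name__ == "__main__":
    for hop, addr, label in flag_non_routable_hops(SAMPLE_TRACEROUTE):
        print(f"hop {hop}: {addr} is {label}")
    print("fe80::1 verifiable as ICMP error source:",
          icmp_error_source_is_verifiable("fe80::1"))
```

A private address on the first hop or two is the normal home or office router and says nothing on its own; the interesting signal is a private or link-local address appearing several hops in, past the point where the path has left your own network, because that hop's packets reached you without being filtered.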