[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Host-based may be the way to go, but network controls are neccessary

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: Host-based may be the way to go, but network controls are neccessary
From: Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Date: Fri, 22 Nov 2002 04:09:37 +0100
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, "J. Noel Chiappa" <jnc@ginger.lcs.mit.edu>, multi6@ops.ietf.org
In-reply-to: <200211220302.gAM325te041700@givry.rennes.enst-bretagne.fr>

   Agree. However, addressspace and preventing DDOS are two completely
   different issues.

=> this is not 100% true: with the 2^64 addresses per link of IPv6,
you open the door to "in prefix" source spoofing, i.e., DDoS,
which defeats ingress filtering (look at the 3041 considered harmful
about the detailed argument).

The ip direct-broadcast problem is also in this way a addressing problem. I think it's not. It's an implementation issue. We create knobs for reasons, but we need to be careful with what we define as the default.

- kurtis -

References:
- Re: Host-based may be the way to go, but network controls are neccessary
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: Re: Host-based may be the way to go, but network controls are neccessary
Next by Date: Re: Host-based may be the way to go, but network controls areneccessary
Previous by thread: Re: Host-based may be the way to go, but network controls are neccessary
Next by thread: Re: Host-based may be the way to go, but network controls are neccessary
Index(es):
- Date
- Thread