[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?
Erik;
One case where MIPv6 is weaker than today's Internet is that an attacker
which is on the path for a few seconds can redirect packets for a few minutes.
One case where MIPv6 is no weaker than today's Internet is that
an attacker which is on the path for a few seconds can, by modifying
DNS answer, redirect packets for weeks.
In addition, an elementary fact on serious security is that once an
attack to a system is successful, the system is kept to be contaminated
unless the system is fully initialized.
That is,
One case where MIPv6 is weaker than today's Internet is that an attacker
which is on the path for a few seconds can redirect packets for a few minutes.
In today's Internet an attacker needs to be on the path all the time in order
to be able to redirect packets to some other destination (for instance
by spoofing ARP on an Ethernet between two routers).
MIPv6 explicitly allows this but does limits the exposure to a few minutes.
is not a serious argument on security, at all.
However, the argument is even more pointless from the beginning.
MIPv6 and M6 share a property that they handle multiple addresses
but nothing beyond that.
That is, comparison of security of MIPv6 and M6 is nothing more
than an abstract nonsense.
Masataka Ohta
PS
Can you discontinue the thread on false threats?