[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed 6to4 work (security)

To: itojun@iijlab.net
Subject: Re: Proposed 6to4 work (security)
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 16 Oct 2002 08:43:51 +0300 (EEST)
Cc: Gert Doering <gert@space.net>, Alain Durand <Alain.Durand@Sun.COM>, IPv6 Operations <v6ops@ops.ietf.org>, Margaret Wasserman <mrw@windriver.com>
Delivery-date: Tue, 15 Oct 2002 22:45:30 -0700
Envelope-to: v6ops-data@psg.com

On Wed, 16 Oct 2002 itojun@iijlab.net wrote:
> 	as outlined in draft-itojun-ipv6-transition-abuse-01.txt, 6to4
> 	relay routers
[...]
> 	- can chew up bandwidth of the 6to4 public relay router provider, and
> 	  there's no way for an ISP to limit accesses to the relay router
> 	  to their customers (it has to be public service to everyone)

I believe you *can* quite effectively limit the access.  First by not 
advertising 2002::/16 or 192.88.99.1 to your peers (or doing it by some 
controlled measure, like no-export community), and if it's really 
important, placing some ACL's.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

Prev by Date: Re: Proposed 6to4 work (security)
Next by Date: Re: Proposed 6to4 work (security)
Previous by thread: Re: Proposed 6to4 work (security)
Next by thread: Re: Proposed 6to4 work (security)
Index(es):
- Date
- Thread