
Re: Proposed 6to4 work (security)



On Wed, Oct 16, 2002 at 08:43:51AM +0300, Pekka Savola wrote:
> On Wed, 16 Oct 2002 itojun@iijlab.net wrote:
> > 	as outlined in draft-itojun-ipv6-transition-abuse-01.txt, 6to4
> > 	relay routers
> [...]
> > 	- can chew up bandwidth of the 6to4 public relay router provider, and
> > 	  there's no way for an ISP to limit accesses to the relay router
> > 	  to their customers (it has to be public service to everyone)
> 
> I believe you *can* quite effectively limit the access.  First by not 
> advertising 2002::/16 or 192.88.99.1 to your peers (or doing it by some 
> controlled measure, like no-export community), and if it's really 
> important, placing some ACLs.

didn't the same lessons get learnt with smtp relays and abuse, leading to
isps only allowing their own customers to use their smtp service?  is
there a reason to hope 6to4 could be different?

there probably has to be some differentiation between transition tools that can
be used when the isp offers support (e.g. isatap), and the tools used in 
spite of a lack of isp support (e.g. tunnel broker, where some authentication
can, at present, be more easily included if required).  

tim
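
The customer-only relay ACL discussed in this thread, sketched as an added example that is not part of the original message or of any relay implementation. It also checks that the IPv4 address embedded in the 2002::/16 source matches the outer IPv4 source, which goes slightly beyond what the thread states; the customer prefixes and the function names `sixtofour_prefix` and `relay_permits` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: documentation ranges standing in for an ISP's customer space.
CUSTOMER_V4 = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/25")]

def sixtofour_prefix(v4net):
    """Map an IPv4 prefix of length n to the 6to4 prefix 2002:V4::/(16+n)."""
    base = (0x2002 << 112) | (int(v4net.network_address) << 80)
    return ipaddress.IPv6Network((base, 16 + v4net.prefixlen))

def relay_permits(outer_src, inner_src, customers=CUSTOMER_V4):
    """Decide whether a relay should accept one protocol-41 packet.

    outer_src: IPv4 source of the encapsulating header
    inner_src: IPv6 source of the encapsulated packet
    Returns (allowed, reason).
    """
    outer = ipaddress.ip_address(outer_src)
    inner = ipaddress.ip_address(inner_src)
    # A 6to4 site must source its traffic from 2002:V4ADDR::/48.
    if inner.version != 6 or inner.sixtofour is None:
        return False, "inner source not in 2002::/16"
    # The embedded IPv4 address must be the tunnel endpoint that sent the packet.
    if inner.sixtofour != outer:
        return False, "embedded IPv4 does not match outer source"
    # Only the ISP's own customers may use the relay.
    if not any(outer in net for net in customers):
        return False, "outer source is not a customer address"
    return True, "customer 6to4 site"

if __name__ == "__main__":
    # IPv6 prefixes to permit on the relay's native IPv6 side.
    for net in CUSTOMER_V4:
        print(net, "->", sixtofour_prefix(net))
    # Constructed (outer IPv4 source, inner IPv6 source) pairs.
    samples = [("192.0.2.10", "2002:c000:20a::1"),
               ("203.0.113.5", "2002:cb00:7105::1"),
               ("203.0.113.5", "2002:c000:20a::1"),
               ("192.0.2.10", "2001:db8::1")]
    for outer, inner in samples:
        print(outer, inner, relay_permits(outer, inner))
```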