[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions



Alain Durand wrote:
> 
> Brian E Carpenter wrote:
> 
> >Pekka,
> >
> >My fundamental question since the 6to4 spoofing issue was first
> >raised is whether this exposure to spoofing is a *significant*
> >addition to the generic exposure. If you were a spoofer, would
> >you really bother spoofing 6to4 rather than just plain spoofing?
> >
> IPv4 ingress filtering is an answer to IPv4 spoofing.
> IPv6 ingress filtering is an answer to IPv6 spoofing
> 
> The 6to4 relay architecture enable an IPv4 attacker to bypass
> IPv4 and IPv6 ingress filtering to bring down an IPv6 host.

I'm aware of all that, but you're not answering my question.
Is the risk significant?

    Brian