Re: 6to4 security questions



On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> Pekka Savola wrote:
> > 
> > On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> > > There are spoofing/DDOS risks in the host-based anycast 6to4 model
> > > that has been implemented but never fully specified.
> > 
> > Do not classify this as "host-based".  There is nothing particularly
> > host-based in this.
> 
> Yes there is, because hosts don't generally support BGP4+

Wrong analogy.  A very small number of routers use BGP4+, and even fewer
(none?) use it in the 6to4 context.

> > And you said you're not aware of anything in the spec that'd need
> > modification. Right..
> 
> My original preference was to *only* specify the BGP4+ model
> for 6to4. I was talked out of it. 

That would have been an *entirely* different 6to4. 

One that would have gone the way of 6over4, most probably.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords