Re: 6to4 security questions
On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> Pekka Savola wrote:
> >
> > On Fri, 22 Nov 2002, Brian E Carpenter wrote:
> > > There are spoofing/DDOS risks in the host-based anycast 6to4 model
> > > that has been implemented but never fully specified.
> >
> > Do not classify this as "host-based". There is nothing particularly
> > host-based in this.
>
> Yes there is, because hosts don't generally support BGP4+

Wrong analogy. A very small number of routers use BGP4+, and even fewer
(none?) use it in the 6to4 context.

> > And you said you're not aware of anything in the spec that'd need
> > modification. Right..
>
> My original preference was to *only* specify the BGP4+ model
> for 6to4. I was talked out of it.

That would have been an *entirely* different 6to4.
One that would have gone the way of 6over4, most probably.

--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords