
Re: I-D ACTION:draft-savola-v6ops-6to4-security-01.txt



On Wed, 18 Dec 2002, Fred L. Templin wrote:
> I don't have a strong opinion on whether/not this is good enough.
> But, I do see a difference in the two models: in the v4 case, the
> v4 destination receives the log of v4 source addresses. In the v6
> case (and using your mechanism) the *true* v6 source receives the
> log of v4 source addresses.

Hmm.. your use of the word "true" seems ambiguous?

The proposed solution (which seems like a nice idea to me) is that the 
_attacked node_ (ipv6 source address in the spoofed packets) receives 
these reports -- seems the same as the case in v4 (with the exception that 
reports are received from the internet, not from received packets 
themselves).

But this is by no means as simple as that; you have to consider things like 
the attacker sending false reports to the target directly to "water down" 
the report results.

As such this is very much like iTrace, and if implemented, I guess this
should be just an extension (or simplification) of it, for this specific
purpose.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords