[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-savola-v6ops-6to4-security-01.txt
On Wed, 18 Dec 2002, Fred L. Templin wrote:
> I don't have a strong opinion on whether/not this is good enough.
> But, I do I see a difference in the two models: in the v4 case, the
> v4 destination receives the log of v4 source addresses. In the v6
> case (and using your mechanism) the *true* v6 source receives the
> log of v4 source addresses.
Hmm.. your use of the word "true" seem ambiguous?
The proposed solution (which seems like a nice idea to me) is that the
_attacked node_ (ipv6 source address in the spoofed packets) receives
these reports -- seems the same as the case in v4 (with the exception that
reports are received from the internet, not from received packets
themselves).
But this is by no means simple as that; you have to consider things like
the attacker sending false reports to the target directly to "water down"
the report results.
As such this is very much like iTrace, and if implemented, I guess this
should be just an extension (or simplification) of it, for this specific
purpose.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords