[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions

To: Erik Nordmark <Erik.Nordmark@sun.com>
Subject: Re: 6to4 security questions
From: itojun@iijlab.net
Date: Sat, 18 Jan 2003 09:04:38 +0900
Cc: Jason Goldschmidt <jgoldsch@eng.sun.com>,Tim Chown <tjc@ecs.soton.ac.uk>, v6ops@ops.ietf.org
In-reply-to: Erik.Nordmark's message of Thu, 16 Jan 2003 20:16:52 +0100. <Roam.SIMC.2.0.6.1042744612.32188.nordmark@bebop.france>

>A long time ago Jason said:
>
>> At Sun we are using 6to4, as an early transition mechanism, for our 
>> deployment.  For the past few years we have had a few (read 3) 
>> engineering sites connected by configured tunnels.  We found deployment 
>> scalability problems with this approach, so we decided to go with 6to4. 
>
>What Jason forgot to mention was that this deployment (inside Sun's firewalls)
>uses exclusively 6to4 addresses.

	you mean that there's no external connectivity to the 6bone?  if sun's
	firewall is acting as a 6to4 border router, the box is subject to
	various attacks (as it will accept 6to4-encapsulated packet from
	anybody).

>Thus there are no 6to4 relays.

	having 6to4 relay router is totally different question from running
	a 6to4 site.

itojun

Follow-Ups:
- Re: 6to4 security questions
  - From: Erik Nordmark <Erik.Nordmark@sun.com>
- Re: 6to4 security questions
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

References:
- Re: 6to4 security questions
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

Prev by Date: RE: An alternative to 6to4 and teredo
Next by Date: Re: An alternative to 6to4 and teredo
Previous by thread: Re: 6to4 security questions
Next by thread: Re: 6to4 security questions
Index(es):
- Date
- Thread