[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Automatic tunnels

To: itojun@iijlab.net
Subject: Re: Automatic tunnels
From: Pekka Savola <pekkas@netcore.fi>
Date: Tue, 5 Aug 2003 16:09:55 +0300 (EEST)
Cc: Christian Huitema <huitema@windows.microsoft.com>, <v6ops@ops.ietf.org>
In-reply-to: <20030731232640.80EB013@coconut.itojun.org>

On Fri, 1 Aug 2003 itojun@iijlab.net wrote:
[...]
> 	we are afraid of our native-to-6to4 device being used as open relay
> 	of packet (bullet 3 in the above, of course).  the IPv4 source address
> 	will be ours, so we will get compliants from random people, because of
> 	malicious traffic from somewhere to 2002::/16.  running 6to4 relay
> 	router is like running open relay smtp server.

.. which is one reason why we force our 6to4 relay to use 192.88.99.1 as
the source address when it encapsulates packets in proto-41 :-)

That way, "our" IPv4 address cannot be traced to be the source of the 
abuse.  It cuts both ways, of course .. and might be prone to even 
increase the amount of anonymous abuse later on..

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Re: Automatic tunnels
  - From: itojun@iijlab.net

Prev by Date: RE: Defintion of Automatic tunnels
Next by Date: RE: [mobile-ip] Re: FW: I-D ACTION:draft-tsirtsis-dsmip-problem-00.txt
Previous by thread: Re: Automatic tunnels
Next by thread: RE: Automatic tunnels
Index(es):
- Date
- Thread