
Re: Opportunistic Tunneling



On Thu, 26 Feb 2004, Jun-ichiro itojun Hagino wrote:
> >  2) 6to4 and Teredo (to a lesser degree AFAIK) are pretty anonymous
> > services.  When someone abuses using those addresses, there is no ISP
> > "hosting" the service which would get abuse etc. reports, get
> > blacklisted if someone behaves badly, etc. -- on the other hand, if
> > the ISP offers the service to outsiders using its RIR address space,
> > this will certainly lead to all kinds of nasty administrative
> > actions.. sooner or later raising the question, "why are we even
> > providing this kind of service to outsiders for free, if we get
> > nothing but trouble!?!"
> 
> 	as mentioned in (already expired) transition-abuse draft, 6to4 relay
> 	routers (provided by ISPs) will get abused by malicious parties, and
> 	ISPs get blamed for the traffic being generated by the abuse.  i
> 	strongly disagree with the above statement.

As stated earlier, using 192.88.99.1 fixes some of that.  Of course,
if you source that traffic towards your neighbor, he could send an abuse
report anyway ("your network is sending something weird at us!") --
which using a neutral source address obviously does not fix.

I assume you disagree with "no ISP is hosting the service to get abuse 
reports".

Because I'm sure you'll agree with the implied fact that if the ISP has to 
choose between:
 1) providing 6to4 relay to anonymous outsiders, with 192.88.99.1 
address, or
 2) providing tunnel service to anonymous outsiders, with its own 
address space

1) seems to be significantly simpler to handle abuse-wise.  Many ISPs 
could do 1), but would never do 2).

This is the critical point.  If we don't do something like 6to4, there
must be a lot of anonymous ISPs offering similar, free and
easy-to-setup tunnel-broker-like service.  Comparison of 1) and 2)
implies that such a tunnel server model would be unfeasible.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings