
Re: Review: draft-ietf-v6ops-nap-01.txt




On Aug 23, 2005, at 10:02 PM, Ralph Droms ((rdroms)) wrote:

Is there also the requirement that the address of one device that sends packets to the outside not give clues about other addresses that might be in use or the network topology on the inside?


I'll argue that those clues already exist. The delegated prefix is advertised outside, and a simple traceroute sweep across the network can identify the routers in the network and at least some of the subnets. The routers will respond with "TTL expired", revealing their ingress subnet numbers. If the administration chooses a common host part for routers (such as <prefix>::0001 or some such thing), it will be trivial for the sweeper to deduce this from the traceroute responses and then ping sweep the routers in the network, determining all subnet numbers.
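
An added example, not part of the original message: a check an operator could run over their own router interface inventory to see whether the "common host part" condition described above holds in their addressing plan. The function name, the /64 subnet assumption, the threshold and the sample addresses (documentation prefix 2001:db8::/32) are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

IID_BITS = 64                      # assumption: every subnet is a /64
IID_MASK = (1 << IID_BITS) - 1

def audit_router_iids(addresses, small_iid_limit=0xFFFF):
    """Map each predictable interface ID to the /64 subnets it appears on.

    An interface ID (low 64 bits) is reported when it is reused on more than
    one subnet, or when it is a small value (<= small_iid_limit) that an
    outside observer could guess without having seen it anywhere.
    """
    subnets_by_iid = defaultdict(set)
    for text in addresses:
        value = int(ipaddress.IPv6Address(text))
        iid = value & IID_MASK
        # Clear the low 64 bits to get the subnet this interface sits on.
        subnet = ipaddress.IPv6Network(((value >> IID_BITS) << IID_BITS, IID_BITS))
        subnets_by_iid[iid].add(str(subnet))

    findings = {}
    for iid, subnets in subnets_by_iid.items():
        if len(subnets) > 1 or iid <= small_iid_limit:
            findings[str(ipaddress.IPv6Address(iid))] = sorted(subnets)
    return findings

# Constructed inventory: three routers share ::1, one uses a random host part.
SAMPLE_ROUTERS = [
    "2001:db8:0:1::1",
    "2001:db8:0:2::1",
    "2001:db8:0:3::1",
    "2001:db8:0:4:1a2b:3c4d:5e6f:7081",
]

if __name__ == "__main__":
    for iid, subnets in audit_router_iids(SAMPLE_ROUTERS).items():
        print(f"predictable host part {iid} used on {len(subnets)} subnet(s):")
        for subnet in subnets:
            print(f"  {subnet}")
```

Any host part the check reports is one that a single exposed router address would let an outside observer reuse as a guess on every other subnet of the delegated prefix.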