[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: draft-wbeebee-ipv6-cpe-router-04 comments

To: "Mikael Abrahamsson" <swmike@swm.pp.se>, "IPv6 Operations" <v6ops@ops.ietf.org>
Subject: RE: draft-wbeebee-ipv6-cpe-router-04 comments
From: "Hemant Singh (shemant)" <shemant@cisco.com>
Date: Thu, 26 Mar 2009 10:57:04 -0400
In-reply-to: <alpine.DEB.1.10.0903261049210.25843@uplift.swm.pp.se>
References: <93123C20-3758-43C8-9201-22CB6D5B6233@apple.com> <B00EDD615E3C5344B0FFCBA910CF7E1D06C0D8C2@xmb-rtp-20e.amer.cisco.com> <95F8ED8E-261B-437C-8063-223D345C364B@apple.com> <B00EDD615E3C5344B0FFCBA910CF7E1D06C0D8F4@xmb-rtp-20e.amer.cisco.com> <943C3A80-979F-4289-BA20-C17D20861111@apple.com> <2bbba3c10903231557i618926bavff56f877c18eeee9@mail.gmail.com> <6161A3E1-DCD1-467F-9AD5-0A15821413A2@apple.com> <2bbba3c10903231639t51dac3c3p57e1a4562bd342c4@mail.gmail.com> <EE8F7462-7233-4E0B-9CEB-FA2B7A2D15B3@apple.com> <2bbba3c10903231828g79b0207cnf4b53959e0a21706@mail.gmail.com> <30020A2D-4EE5-4F86-A1E5-532990B44D4F@apple.com> <BB56240F3A190F469C52A57138047A0301FBC00A@xmb-rtp-211.amer.cisco.com> <9AE362E6-46E1-4400-B1E3-F6B4D5392C06@apple.com> <B00EDD615E3C5344B0FFCBA910CF7E1D06C87A9C@xmb-rtp-20e.amer.cisco.com> <C4A0A0F2-FB98-4BCD-9FD4-5F58A61B3D9D@apple.com> <20090326192455.dbcedfab.ipng@69706e6720323030352d30312d31340a.nosense.org> <alpine.DEB.1.10.0903261049210.25843@uplift.swm.pp.s e>

>This sound like a huge security problem, how are those implications 
>handled? Wouldn't the L2 device in the CO need to be able to inspect
all 
>these messages and drop ones which are not assigned to that specific 
>customer by the ISP?

>In the scenarios I have seen before mechanisms such as forced
forwarding 
>and/or mac rewrite/DHCP snooping based ACLs been used in the CO L2
device 
>to handle this, what are the IPv6 equivalents in this scenario?

Thank you, Mikael.  I just sent email that I too consider such behavior
to be a security hole and gave the rationale for it.

Hemant

References:
- draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Ole Troan <otroan@employees.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Ole Troan <otroan@employees.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Ole Troan <otroan@employees.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Wes Beebee (wbeebee)" <wbeebee@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Mikael Abrahamsson <swmike@swm.pp.se>

Prev by Date: RE: draft-wbeebee-ipv6-cpe-router-04 comments
Next by Date: Re: [74attendees] The great emphasis on IPv6 - a positive look
Previous by thread: Re: draft-wbeebee-ipv6-cpe-router-04 comments
Next by thread: Re: draft-wbeebee-ipv6-cpe-router-04 comments
Index(es):
- Date
- Thread