It's a bit late for the call on adoption, but FWIW I support Fernando.

Tom Taylor

On 03/09/2013 8:44 PM, Fernando Gont wrote:

On 09/02/2013 07:34 AM, Ole Troan wrote:

If you read chapter 5 it starts out by explaining how RPF check
is always done for multicast.

Due to the RPF check, the possibility of spoofing is
significantly reduced. Just like it is when using unicast RPF.
Hence I don't think this attack vector is that serious.

That might help prevent an attacker from exploiting this against
an arbitrary system, but not against all nodes.

would that be other nodes than yourself and nodes on the same link
as yourself?

I guess in some scenarios it might be tricky.

For instance, even with link-local only multicast (as that used for
ND), you can send a packet to a link-local multicast address, but
sourced from any global address. Hence you can have your own network
be an amplifier to attack a third party.

Not to mention that if you're employing e.g. an openvpn Ethernet
bridge, it becomes fuzzy what's your local link (i.e. real links vs.
"virtual" link).

IMO, this is the kind of feature that's "asking for trouble". IMHO,
let's fix it, and move on.

Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------