Hi Glenn,
> Again I wish to bring up that if a slave has been infected and a root
> kit installed, any credentials on that node will likely be available to
> be used by the virus; therefore, any credentials used to pass any AAA
> and have the ACL filter set up will be available to the root kit.
Yes.
>
> So I still think we should mandate, at least as a BCP, topological
> correctness on the source.
This is how it is today with the home address option and a topologically
correct IPv6 src address.
>
> Does this make sense to you both?
Yes.
-- thomas
>
> Thanks,
>
> Glenn
>
>
> -----Original Message-----
> From: Thomas Eklund [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 10, 2001 8:39 AM
> To: Morrow, Glenn [RICH2:C330:EXCH]; 'Pekka Nikander';
> '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: RE: Source addresses, DDoS prevention and ingress filtering
>
>
> Hi Pekka,
> It is an interesting topic you raise.
>
> I think though that our AAA v6 draft is a big step forward and would
> like to stress a few points.
>
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------