So I have a question about all of this:
What IP address does a stationary host behind a
mobile router put in the source address and how
did it come to know that address if it's not its
home address?
Mike
Thomas Eklund writes:
> Hi Glenn,
>
> > Again I wish to bring up that if a slave has been infected and a root
> > kit installed, any credentials on that node will likely be
> > available to
> > be used by the virus; therefore, any credentials used to pass any AAA
> > and have the ACL filter set up will be available to the root kit.
>
> Yes.
>
> >
> > So I still think we should mandate, at least as a BCP, topological
> > correctness on the source.
> This is how it is today with the home address option and a topological
> correct IPv6 src address.
>
> >
> > Does this make sense to you both?
>
> Yes.
>
> -- thomas
> >
> > Thanks,
> >
> > Glenn
> >
> >
> > -----Original Message-----
> > From: Thomas Eklund [ mailto:[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]> ]
> > Sent: Tuesday, April 10, 2001 8:39 AM
> > To: Morrow, Glenn [RICH2:C330:EXCH]; 'Pekka Nikander';
> > '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> > Subject: RE: Source addresses, DDoS prevention and ingress filtering
> >
> >
> > Hi Pekka,
> > It is an interesting topic you raise.
> >
> > I think though that our AAA v6 draft is a big step forward and would
> > like to
> > stress at a few points.
> >
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
