and this is ok? we should tolerate this level of capability?
I thought we had the chance to build in better capability
to ensure the integrity of the system instead of maintaining
the status quo? The landscape is changing (teatherless)
and the threats are more pronounced. Now we could spin this
in a slightly different manner, where local admins are simply
trying to get things working in the face of overbearing
glacial red-tape. Sort of the same justification many used
for deployment of NAT. Not hackers at all, just folks trying
to get things to work... :)
However, I really should just let this alone. It might be worth
the paper to put some of these concerns into the security
section of your standards track RFC.
% I disagree. Hackers who have this level of sophistication can just as
% easily disrupt DHCP(v4or v6) server traffic, DHCP relay traffic, and/or the
% traffic to DNS servers that are advertised by the DHCP servers.
%
% Bob
%
% At 01:11 AM 4/19/2002, Bill Manning wrote:
% >% you have almost the same issue which you described above, whether you use
% >% well-known or non-well-known.
% >%
% >% --- Toshi
% >
% > Not so. with well-known addresses, the hijack works
% > every time. if the nameservers (like today) are
% > different, depending on inital configuration (/etc/resolv.conf)
% > or passed to the node by a dhcp server, then it is much
% > harder to hijack every node every time.
% >
% > However, I don't wish to impead the progress of this WG.
% > I'll go back to tending my roses.
% >
% >--bill
% >--------------------------------------------------------------------
% >IETF IPng Working Group Mailing List
% >IPng Home Page: http://playground.sun.com/ipng
% >FTP archive: ftp://playground.sun.com/pub/ipng
% >Direct all administrative requests to [EMAIL PROTECTED]
% >--------------------------------------------------------------------
%
% --------------------------------------------------------------------
% IETF IPng Working Group Mailing List
% IPng Home Page: http://playground.sun.com/ipng
% FTP archive: ftp://playground.sun.com/pub/ipng
% Direct all administrative requests to [EMAIL PROTECTED]
% --------------------------------------------------------------------
%
--
--bill
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
