Hi WG,

I am picking the ball up again wrt Passive IP addresses, particularly in the light of all the discussions around the tools.ietf.org/html/draft-ietf-opsec-lla-only IP addresses. (http://www.ietf.org/id/draft-baker-opsec-passive-ip-address-01.txt)
One of the considerations regarding usage of LLA-Only is that network visibility is undermined for a part. This is exactly one of the things that Passive addresses can aid with. It provides network visibility, while still protecting the network from some external influences.

So in a nutshell:

Q) What is a passive address?
A) any kind of address you configure on a device or interface

Q) is there need for a new address type specified by IANA
A) No

Q) what makes an address a passive address
A) during configuration of that address on an interface/device you specify for example: ip address foo 'passive'

Q) what does the passive keyword result in
A) If the recipient device receives an IP packet with this passive address in the destination address and is destined for this device, then the packet will be dropped. However, when the device gets for example a packet with TTL expired (for trace-route) then this passive address could be used as the source address

Q) can a passive address be used to build a session with?
A) nope, it only accommodates unidirectional traffic

G/
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
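
The receive-path behaviour described in the message above, as an added toy model (not code from the draft, its author, or any router implementation). The `Router` and `Packet` names, the return labels and the 2001:db8:: sample addresses are constructed for illustration, and the model assumes the ICMP Time Exceeded reply is sourced from the ingress interface address.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ttl: int


class Router:
    """Toy model of a device whose addresses may be flagged 'passive'."""

    def __init__(self, addresses):
        # addresses: {address string: True if configured with 'passive'}
        self.addrs = {ipaddress.ip_address(a): p for a, p in addresses.items()}

    def receive(self, pkt, ingress):
        """Return (action, reply_or_forwarded_packet) for a packet seen on `ingress`."""
        dst = ipaddress.ip_address(pkt.dst)
        ingress = ipaddress.ip_address(ingress)
        if ingress not in self.addrs:
            raise ValueError("ingress address is not configured on this device")
        if dst in self.addrs:
            # Destined for this device: a passive address never accepts
            # traffic, so no session can be built towards it.
            return ("drop", None) if self.addrs[dst] else ("deliver", None)
        if pkt.ttl <= 1:
            # TTL expired in transit (traceroute): the passive address is
            # still usable as the source of the unidirectional ICMP reply.
            reply = Packet(src=str(ingress), dst=pkt.src, ttl=64)
            return ("icmp_time_exceeded", reply)
        return ("forward", Packet(pkt.src, pkt.dst, pkt.ttl - 1))


if __name__ == "__main__":
    # Constructed sample: one passive interface address, one normal loopback.
    r = Router({"2001:db8:0:1::1": True, "2001:db8:ffff::1": False})
    ingress = "2001:db8:0:1::1"
    samples = [
        Packet("2001:db8:aaaa::10", "2001:db8:0:1::1", 64),   # to passive address
        Packet("2001:db8:aaaa::10", "2001:db8:ffff::1", 64),  # to normal address
        Packet("2001:db8:aaaa::10", "2001:db8:bbbb::20", 1),  # traceroute probe
        Packet("2001:db8:aaaa::10", "2001:db8:bbbb::20", 5),  # ordinary transit
    ]
    for p in samples:
        print(p, "->", r.receive(p, ingress))
```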
