Hi, Thank you for the report, Nick! You are correct in the four corrections you reported, and the errata can be marked as Verified.
Thanks, -- Carlos. On Mar 2, 2014, at 11:35 AM, RFC Errata System <[email protected]> wrote: > The following errata report has been submitted for RFC6192, > "Protecting the Router Control Plane". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6192&eid=3906 > > -------------------------------------- > Type: Technical > Reported by: Nick Hilliard <[email protected]> > > Section: A.1 > > Original Text > ------------- > [...] > > ip access-list extended DNS > > permit udp 198.51.100.0 0.0.0.252 eq domain any > > ipv6 access-list DNSv6 > > permit udp 2001:DB8:100:1::/64 eq domain any > > permit tcp 2001:DB8:100:1::/64 eq domain any > > ip access-list extended NTP > > permit udp 198.51.100.4 255.255.255.252 any eq ntp > > ipv6 access-list NTPv6 > > permit udp 2001:DB8:100:2::/64 any eq ntp > > ip access-list extended SSH > > permit tcp 198.51.100.128 0.0.0.128 any eq 22 > > ipv6 access-list SSHv6 > > permit tcp 2001:DB8:100:3::/64 any eq 22 > > ip access-list extended SNMP > > permit udp 198.51.100.128 0.0.0.128 any eq snmp > > [...] > > > > Corrected Text > -------------- > [...] > > ip access-list extended DNS > > permit udp 198.51.100.0 0.0.0.3 eq domain any > > ipv6 access-list DNSv6 > > permit udp 2001:DB8:100:1::/64 eq domain any > > permit tcp 2001:DB8:100:1::/64 eq domain any > > ip access-list extended NTP > > permit udp 198.51.100.4 0.0.0.3 any eq ntp > > ipv6 access-list NTPv6 > > permit udp 2001:DB8:100:2::/64 any eq ntp > > ip access-list extended SSH > > permit tcp 198.51.100.128 0.0.0.127 any eq 22 > > ipv6 access-list SSHv6 > > permit tcp 2001:DB8:100:3::/64 any eq 22 > > ip access-list extended SNMP > > permit udp 198.51.100.128 0.0.0.127 any eq snmp > > [...] > > Notes > ----- > The bitfield masks in the Cisco Configuration example in section A.1 look > incorrect. The authors may have intended the following meanings: > > > > ip access-list extended DNS > > all hosts between 198.51.100.0 and 198.51.100.3 instead of all addresses in > the range 198.51.100.0/24 which are evenly divisible by 4 > > > > ip access-list extended NTP > > all hosts between 198.51.100.4 and 198.51.100.7 instead of all addresses in > the range 0.0.0.0/0 which are evenly divisible by 4 > > > > ip access-list extended SSH > > all hosts between 198.51.100.128 and 198.51.100.255 instead of > 198.51.100.128/32 > > > > ip access-list extended SNMP > > all hosts between 198.51.100.128 and 198.51.100.255 instead of > 198.51.100.128/32 > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6192 (draft-ietf-opsec-protect-control-plane-06) > -------------------------------------- > Title : Protecting the Router Control Plane > Publication Date : March 2011 > Author(s) : D. Dugal, C. Pignataro, R. Dunn > Category : INFORMATIONAL > Source : Operational Security Capabilities for IP Network > Infrastructure > Area : Operations and Management > Stream : IETF > Verifying Party : IESG
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
