stuff to
present, etc. So I've set up a very short on-line survey to help us
plan for the meeting.
If you're interested, please take 5 minutes to complete the survey at:
https://www.surveymonkey.com/s/FFL386K
Thanks!
Best regards,
- --
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP
, this was the case. I watched it continuously, and when an RA came
in, it overwrote the manually configured MTU.
Next question: how do I prevent that from happening?
Is there any reason for which the router is including an MTU option?
Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
FYI
- Original Message
Date: Sat, 13 Jul 2013 20:30:54 +0200
From: Fernando Gont fg...@si6networks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623
Thunderbird/17.0.7
MIME-Version: 1.0
To: IPv6 Hackers Mailing
that discusses ND attacks, and that tells you how to
reproduce the attack with the toolkit.
Besides, each manual page of the toolkit (ra6(1), na6(1), etc.) has an
EXAMPLES section that provides popular ways to run each tool.
Thanks!
Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg
have plenty of experience with this.. e.g., managing
the IP reassembly queue.
Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
:-) )
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- --
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
-BEGIN PGP SIGNATURE-
Version
Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- --
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
-BEGIN PGP SIGNATURE-
Version
: enforce limits, and release unnecessary
privileges. And fail on the safe side. You could see it as
compartmentalization, too.
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
* space). I
bet there's some trick there, though. -- I don't expect them to be
running 2**64 servers...
With a little bit more of research, it shouldn't be hard to check
whether the responses are legitimate or not (TCP timestamps, IP IDs,
etc. are usually your friends here).
Thanks,
--
Fernando Gont
. -- But not much of a surprise: pointing out weaknesses usually
hurt egos, and fixing stuff doesn't get as much credit as fixing it in
the security world.
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
be barriers to deployment.
mm.. what's the problem here?
Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
/mechanism for them to
be as stable as possible? Or is it usual for hosts to get a new
address for each lease?
P.S.: I understand this is likely to vary from one implementation to
another... so please describe which implementation/version you're
referring to.
Thanks!
Best regards,
--
Fernando Gont
e
of what we end up doing with this I-D, etc., I think
the brainstorming would be fruitful. :-)
Thanks!
Best regards,
Fernando
Original Message
From: internet-dra...@ietf.org
To: Will Liu liushuch...@huawei.com, Shucheng LIU (Will)
liushuch...@huawei.com, Fernando Gont fg
to be
dropping the packets.
Obviously, I don't care about this specific case... but probably is one
on which we might have more insights than others.
Thoughts?
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4 AE25 0D55
on the public IPv6 Internet:
http://www.iepg.org/2014-07-20-ietf90/iepg-ietf90-ipv6-ehs-in-the-real-world-v2.0.pdf
Thanks!
Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
.
Thanks!
Best regards,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
FYI -- could be of Interest for folks currently in Prague for the IETF
meeting...
Forwarded Message
Subject: IPv6 hackers #2 (Prague 2015) tomorrow! (July 21, 4 PM @ CZ.NIC)
Date: Mon, 20 Jul 2015 18:24:04 -0300
From: Fernando Gont ferna...@gont.com.ar
To: IPv6 Hackers Mailing
ything missing?
Or, if you like the document and agree with its content, that's also
interesting feedback to have.
P.S.: If possible, please CC <v6...@ietf.org> and
<draft-gont-v6ops-ipv6-ehs-packet-dr...@tools.ietf.org> when sending
feedback.
Thanks!
Best regards,
--
Fernando
discussion, folks might need to dig deep into
many documents in order to grasp "what this is ll about".
FWIW, 8just me thinking out loud), I guess that one of the possible
outcomes could be to have (some reduced version of) Section 3 be a
subsection of Section 4?
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
distribution.
The RFC Editor Team
Association Management Solutions, LLC
___
v6ops mailing list
v6...@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5
to:
<draft-gont-v6ops-ipv6-ehs-packet-dr...@tools.ietf.org> and CC
<v6...@ietf.org>.
P.S.: You can find a number of pointers to articles and other related
work on this topic here:
<http://blog.si6networks.com/2015/12/the-controversial-ipv6-extension-headers.html>
Thanks!
Best regard
e network
-- for instance, RFC7217 was/is known in 6man circles as "stable-privacy
addresses").
Thanks!
Best regards,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
info am I losing there?
>
>> The problem is *not* that this IID is changing. It is a stable one. And
>> yes, I vote not against temporary addresses.
>
> Actually, it is not a stable address as some have found out (read:
> anecdotal), they also change at re-install and there are a couple of
> other possibilities from what I recall.
One might argue that a reinstall results in a conceptualy different
system. The fact that the underlying hardware is tha same is anecdotical.
Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
s SeND, does it?
Can anyone verify that:
1) As you disconnect and subsequently reconnect to the same network, the
address is formed with the same IID?
2) When multiple prefixes ad advertised on the same network, each
resulting address (for each different prefix) employs a different IID?
3) If multiple interfaces (NICs) are connected to the same subnet, each
obtains a different address, plus "1)" and "2)" above are true?
Thanks!
Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
d be amazing.
>> The above trick kinda does that though and it mostly seem to work.
> My info is, to set
> sysctl -w net.inet6.send.opstate=0
> to go back to mac address based eui64, but didn't checked it.
Please don't resort to eui64. That's a bad idea. See RFC7721 and RFC707
Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
ully all this SeND machinery is not being pushed in as a
heavyweight RFC7217. You don't need all the certs-related stuff for
getting a non-predictable stable-per-network IID.
Thanks!
Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
On 03/15/2017 05:27 AM, Bjørn Mork wrote:
> Fernando Gont <fg...@si6networks.com> writes:
>
>> * "IPv6 Address Usage Recommendations" <https://goo.gl/UJYdyY>
>> * "Recommendation on Temporary IPv6 Interface Identifiers"
>> <https:/
Folks,
FYI:
* "IPv6 Address Usage Recommendations" <https://goo.gl/UJYdyY>
* "Recommendation on Temporary IPv6 Interface Identifiers"
<https://goo.gl/541H8V>
Comments welcome!
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprin
, local port, remote ip, remote port),
which kind of sucks -- one would want to be able to whitelist all ports
for a given IP address, or at least (local ip, local port)
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 31C6 D484 63B2 8FB1 E3C4
On 12/11/2017 08:54 AM, Tom Hill wrote:
> On 11/12/17 05:21, Fernando Gont wrote:
>> one would want to be able to whitelist all ports
>> for a given IP address
>
> What? No!
>
> "Dear Gateway, I am definitely not a compromised host, please open all
> ports
We only send and receive email on the
> basis of the terms set out at www.rogers.com/web/content/emailnotice
>
>
>
> Ce message est confidentiel. Notre transmission et réception de courriels
> se fait strictement suivant les modalités énoncées dans l’avis publié à
> www.rogers.com/aviscourriel
>
> --
>
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
network behind the firewall.
>
> Isn't it better to forego the boarder firewall completely and make
> implementing that service the responsibility of each host for itself?
>
> Pete
>
>
> > On 12/12/2017, at 10:00 AM, Fernando Gont <ferna...@gont.com.ar> wrote:
> >
>
On Mon, Dec 11, 2017 at 6:18 PM, Pete Mundy wrote:
>
> I'm not so worried about secure IoT devices. The insecure ones will get
> hacked, and the secure ones will do their job.
>
> I just want direct uninhibited and unmodified end to end connectivity
> across the IPv6
e.g. the CPE crashes and reboots,
nodes on the local network continue using outdated prefixes which
result in connectivity problems. This document analyzes this problem
scenario, and proposes workarounds.
Any comments will be welcome.
Thanks!
Cheers,
--
Fernando Gont
SI6 Networks
e
eventually be revised.
P.S.: We also published "IPv6 Security Frequently Asked Questions (FAQ)"
at: https://www.internetsociety.org/deploy360/ipv6/security/faq/
Thanks!
Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945
Operations
CC: Fernando Gont , Jan Zorz ,
Richard Patterson
As usual, Ron and I are looking for supportive public commentary if
people want it on the IETF 105 agenda, and if people would like to see
it adopted as a working group draft.
> On Jul 6, 2019, at 9:03 AM, Fernando Gont wr
reason.
As noted in the draft, the renumbered home network is one of many
possible scenarios where the renumbering event occurs. While we can
certainly recommend stable prefixes, I do think that the network should
be robust in the presence of such events.
Thoughts?
Thanks!
Cheers
rate the ULA prefix once and store it in stable storage; that should be a
> feature of your CE. Then you never change the ULA prefix.
"MAY be a feature..." ;-) many (most?) will not even know about ULAs. :-(
Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6network
On 26/10/19 11:06, Bjørn Mork wrote:
> Fernando Gont writes:
>
>> They can't do stable addresses, and they are facing this problem.
>
> This is a constructed problem. The solution is to remove the
> construction.
>
> I realize that the "can't do stable addre
re facing this problem.
Not sure how many more 100's of messages are needed before we get to do
something about it...
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Date: Wed, 23 Oct 2019 03:51:32 -0500
From: Fernando Gont
To: IPv6 Operations
Folks,
Earlier this year there was a lot of discussion about slaac renumbering
problems. Our original I-D covered everything from the problem statement
to proposed protocol updates and operational workarounds.
B
ill *never* be used.
Fixing the ambiguity about what hosts should do about this has often been
discussed in the IETF but there's never really been evidence that it's worth
doing.
FWIW, me, even if it was just for the sake "clarity", that would be
worth doing.
Thanks!
Cheers,
--
On 31/3/20 16:03, Gert Doering wrote:
Hi,
On Tue, Mar 31, 2020 at 03:10:50PM -0300, Fernando Gont wrote:
So, managed networks tend to like DHCPv6 (DNS!), and wonder how they
should cope with Android.
Probably they don't.
I'm working with one enterprise right now, and one of the options
been shot down.
Yes. That has been very unfortunate.
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
t.
FWIW, it's quite interesting to see the same folks ditching DHCPv6 to
then complain if SLAAC-based hosts use more addresses than they would like.
Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
On 1/4/20 14:16, Gert Doering wrote:
Hi,
[...]
Even IETF discontinued recommending DHCPv6-PD for "inside a home network",
because it doesn't work.
Would you mind elaborating on this one?
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809
On 2/4/20 03:19, Gert Doering wrote:
Hi,
On Thu, Apr 02, 2020 at 12:09:34AM -0300, Fernando Gont wrote:
On 1/4/20 14:16, Gert Doering wrote:
[...]
Even IETF discontinued recommending DHCPv6-PD for "inside a home network",
because it doesn't work.
Would you mind elaborating o
,
Fernando
Forwarded Message
Subject: New Version Notification for
draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
Date: Sat, 25 Jul 2020 22:28:50 -0700
From: internet-dra...@ietf.org
To: Fernando Gont , Gert Doering
, Geoff Huston , Warren Kumari
, Nick Hilliard
A new version of
of the IPv6 Operations WG of the IETF.
Title : Operational Implications of IPv6 Packets with
Extension Headers
Authors : Fernando Gont
Nick Hilliard
Gert Doering
Warren Kumari
Subject: IPv6 addressing: Gaps?
(draft-gont-v6ops-ipv6-addressing-considerations)
Date: Fri, 12 Feb 2021 18:50:48 -0300
From: Fernando Gont
To: IPv6 Operations
Folks,
In the aforementioned document
(https://tools.ietf.org/html/draft-gont-v6ops-ipv6-addressing-considerations),
we have tried
on the 6man wg mailing list
(https://www.ietf.org/mailman/listinfo/ipv6), that´d be fabulous.
But we'll appreciate your feedback off-line, on this list, etc. (that'd
still be great ;-) )
Thanks in advance!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: F242 FF0E
53 matches
Mail list logo