Hi Yu,
Please see below.
Thanks,
Ian
> On 25. Oct 2017, at 11:28, Yu Fu <[email protected]> wrote:
>
> >g3.
> >Section 7 - States that there is a list of objects and their sensitivity /
> >vulnerability, but the list that follows only names the objects. No
> >vulnerability information is included.
>
> [Yu]: It has a description as follows:
> “Some of the readable objects in this MIB module (i.e., objects with a
> MAX-ACCESS other than not-accessible) may be considered sensitive or
> vulnerable in some network environments. It is thus important to
> control even GET and/or NOTIFY access to these objects and possibly
> to even encrypt the values of these objects when sending them over
> the network via SNMP”
> “Objects that reveal rule information of the MAP Domain: Various objects can
> reveal the rule information of the map domain. A curious outsider could monitor
> these to assess the number of rules and the IPv6 prefix performed in
> this domain. Further, an intruder could use the information to guess
> the address-sharing ratios of the ISPs.”
>
> [Yu]: The objects in the list reveal the rule information and are readable.
> So they are vulnerable.
[if - OK. The current text isn’t very clear. Can I propose the following text
as a replacement?
Some of the MIB model's objects are vulnerable as the information
which they hold may be used for targeting an attack against a MAP node (CE or
BR). E.g., an intruder could use the information to help deduce the customer
IPv4 and IPv6 topologies and address-sharing ratios in use by the ISP.
The following is a list of the objects that have this vulnerability:
]
_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires