Re: Is this true?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2010-08-27 11:36, Dave CROCKER wrote:
> 
> 
> On 8/26/2010 4:24 PM, Brian E Carpenter wrote:
>>> >  On 8/26/2010 2:27 PM, Brian E Carpenter wrote:
>>>> >>  why would the underlying security vulnerabilities be fundamentally
>>>> >>  different?
> ...
>> True, but the same property means that scanning attacks are infeasible
>> against IPv6 subnets. Attack tracking based on subnets may work
>> fine, though. Swings and roundabouts.
> 
> Your original comment was about differences in vulnerabilities.  You
> asserted that there was no fundamental difference and I was observing
> that one difference that is clear and is already of concern to the
> anti-spam/anti-abuse community does quality as a fundamental
> difference.  (It is likely to render and entire infrastructure of
> address-based white- and black-listing useless.)
> 
> 
>> Anyway - nobody is saying that there are no security issues with IPv6.
> 
> How is your statement, above, not saying /exactly/ that?

We must interpret the word "fundamental" differently. The fundamental
issue we are getting at in your example is basically that it's trivial
to forge layer 3 addresses in a connectionless datagram network running
without cryptograhic signature of every packet. The exact exposures and
countermeasures differ between IP versions, of course.

   Brian
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]