IETF Logo Mail Archive

Re: [Int-area] IPv4 address sharing abuse [was RE: draft-boucadair-intarea-nat-reveal-analysis]

"Dan Wing" <dwing@cisco.com> Wed, 07 September 2011 19:03 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4896421F8D44 for <int-area@ietfa.amsl.com>; Wed, 7 Sep 2011 12:03:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.324
X-Spam-Level:
X-Spam-Status: No, score=-103.324 tagged_above=-999 required=5 tests=[AWL=-0.725, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EzD+8ji2Fgld for <int-area@ietfa.amsl.com>; Wed, 7 Sep 2011 12:03:33 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id 3785A21F8D38 for <int-area@ietf.org>; Wed, 7 Sep 2011 12:03:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=dwing@cisco.com; l=4185; q=dns/txt; s=iport; t=1315422315; x=1316631915; h=from:to:cc:references:in-reply-to:subject:date: message-id:mime-version:content-transfer-encoding; bh=zL9QUKEFiNvTVEwfD4QhOlrG5845s0zmQi5hsjYeX0A=; b=nFNta8dKp7yjpeEMKNnxEpkqLEwHXPnRj/3VVVymyYI9zm/3R/nTnUD5 CAOCW7MdquHEa1jVj6qOFA2aoCNNGmpeIeBuVLsEO6sojOaRux6pXgmLt C/i3GrlnDLb3CwQR/xfzWxm0ms6NBxkS+GnVBdVGIss3yY5SeLwdX9Ekn M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtEAAMy/Z06rRDoI/2dsb2JhbABDmGmBbI0ZeIFGAQEBAQIBAQEBBQoBFxAtBwsFBwEDAgkPAgQBASgHGQ4VCgMBBQgBAQQBEgsQB4dTBJk7AZ5AhmsEh2yVQ4c4
X-IronPort-AV: E=Sophos;i="4.68,346,1312156800"; d="scan'208";a="731689"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-2.cisco.com with ESMTP; 07 Sep 2011 19:05:15 +0000
Received: from dwingWS (sjc-vpn7-714.cisco.com [10.21.146.202]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p87J5Efg030392; Wed, 7 Sep 2011 19:05:15 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Lee Howard' <lee@asgard.org>, int-area@ietf.org
References: <000001cc48b3$a9bca480$fd35ed80$@com> <06f201cc6ced$f0d14fc0$d273ef40$@com> <000001cc6d88$cd71aa20$6854fe60$@org>
In-Reply-To: <000001cc6d88$cd71aa20$6854fe60$@org>
Date: Wed, 07 Sep 2011 12:05:15 -0700
Message-ID: <0ad501cc6d91$13b471e0$3b1d55a0$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcxInBo+nFfsZ4vCQaWQg+QifJboCgkTpZWgACb/sWAAAor84A==
Content-Language: en-us
Cc: draft-boucadair-intarea-nat-reveal-analysis@tools.ietf.org
Subject: Re: [Int-area] IPv4 address sharing abuse [was RE: draft-boucadair-intarea-nat-reveal-analysis]
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2011 19:03:34 -0000

> -----Original Message-----
> From: Lee Howard [mailto:lee@asgard.org]
> Sent: Wednesday, September 07, 2011 11:06 AM
> To: 'Dan Wing'; int-area@ietf.org
> Cc: draft-boucadair-intarea-nat-reveal-analysis@tools.ietf.org
> Subject: RE: [Int-area] IPv4 address sharing abuse [was RE: draft-
> boucadair-intarea-nat-reveal-analysis]
> 
> Is it true that the stacks/applications on the devices you name could
> be updated as described, but could not be updated to support IPv6?

The host stacks wouldn't be updated.  

The address-sharing device (NAT, A+P router, etc.) would add the
additional data.  

> That section of rfc6269 says blacklisting and penalty boxes won't work.
> For the solutions offered, the effort of draining the cesspool may be
> greater than living with the stink (or moving to the new house with all
> the extra bits).
> 
> The draft nicely describes the solution space, though.

-d

> Lee
> 
> > -----Original Message-----
> > From: int-area-bounces@ietf.org [mailto:int-area-bounces@ietf.org] On
> Behalf Of Dan
> > Wing
> > Sent: Tuesday, September 06, 2011 7:37 PM
> > To: int-area@ietf.org
> > Cc: draft-boucadair-intarea-nat-reveal-analysis@tools.ietf.org
> > Subject: [Int-area] IPv4 address sharing abuse [was RE:
> draft-boucadair-intarea-nat-reveal-
> > analysis]
> >
> > Dearest Internet Area,
> >
> > The INTAREA document RFC6269 discussed the harm of IPv4 abuse in
> > http://tools.ietf.org/html/rfc6269#section-13.1 and we're trying to
> see if
> > there is interest in solving the problem for IPv4 users -- some of
> whom
> > cannot or will not upgrade to IPv6 (IPv4-only television, Roku
> streaming
> > player, Grandma's Windows 95 box, etc.).  If this isn't solved, IPv4
> will
> > become a cesspool or very expensive to continue to operate for
> content
> > providers (who will have to terminate TCP and TLS sessions for
> abusers and
> > legitimate users, alike).
> >
> > -d
> >
> >
> > > -----Original Message-----
> > > From: int-area-bounces@ietf.org [mailto:int-area-bounces@ietf.org]
> On
> > > Behalf Of Dan Wing
> > > Sent: Friday, July 22, 2011 2:10 PM
> > > To: int-area@ietf.org
> > > Cc: draft-boucadair-intarea-nat-reveal-analysis@tools.ietf.org
> > > Subject: [Int-area] draft-boucadair-intarea-nat-reveal-analysis
> > >
> > > I realize INTAREA is not meeting at IETF81, but we would like to
> bring
> > > attention to the informational document
> > > http://tools.ietf.org/html/draft-boucadair-intarea-nat-reveal-
> analysis,
> > > abstract:
> > >   "This document analyzes a set of solution candidates which have
> been
> > >    proposed to mitigate some of the issues encountered when address
> > >    sharing is used.  In particular, this document focuses on means
> to
> > >    reveal a host identifier when a Carrier Grade NAT (CGN) is
> involved
> > >    in the path.  This host identifier must be unique to each host
> under
> > >    the same shared IP address.
> > >
> > >    The ultimate goal is to assess the viability of proposed
> solutions
> > >    and hopefully to make a recommendation on the more suitable
> > >    solution(s)."
> > >
> > > This document seems to belong in INTAREA, considering the various
> > > solutions
> > > to the abuse problem described in that document is due to IPv4
> address
> > > sharing, and INTAREA has already taken on documents related to IPv4
> > > address sharing:
> > >   draft-ietf-intarea-shared-addressing-issues       (RFC6269)
> > >   draft-ietf-intarea-server-logging-recommendations (RFC6302)
> > >
> > >
> > > Based on that analysis document, the most preferred solution is
> > > draft-wing-nat-reveal-option (standards track).  I expect we will
> > > pursue draft-wing-nat-reveal-option in BEHAVE or perhaps TSVWG.
> > >
> > > -d
> > >
> > >
> > > _______________________________________________
> > > Int-area mailing list
> > > Int-area@ietf.org
> > > https://www.ietf.org/mailman/listinfo/int-area
> >
> > _______________________________________________
> > Int-area mailing list
> > Int-area@ietf.org
> > https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email