Re: Comments on <draft-gont-6man-stable-privacy-addresses-01>

Tim Chown <tjc@ecs.soton.ac.uk> Fri, 20 April 2012 07:22 UTC

On 20 Apr 2012, at 07:50, Fernando Gont wrote:

> Hi, Bob,
> 
> On 04/18/2012 05:55 PM, Bob Hinden wrote:
>> 
>> 
>> This is an area I would like to know more about, and it would be good
>> to quantify the problem.
> 
> I've just posted this drafty I-D, which hopefully sheds some light on the
> subject (or triggers further discussion):
> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>

Don't forget RFC5157, which talks about other ways addresses can be gleaned, and thus attackers could scan around those addresses, i.e. that brute-force sweeps across an entire subnet aren't feasible, but an attacker will do whatever they can to narrow the search space.

That text reinforces the need for randomised host addresses, and, for example, DHCPv6 servers not to allocate addresses in a predictable way.  The stable privacy address draft adds pretty much the same feature for SLAAC.

The ND cache exhaustion issue is also linked in to the scanning topic.

Tim
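
An added example, not part of the message above or of any RFC or draft it cites: a small audit an operator could run over their own address inventory to flag interface identifiers that fall into guessable patterns (low-byte, MAC-derived EUI-64, sequential pool allocation). The function names, thresholds, search-space figures and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

MASK64 = (1 << 64) - 1

# Rough bits of search space left per pattern. Illustrative assumptions:
# EUI-64 with a known vendor OUI leaves the 24 NIC-specific bits; the
# "sequential" figure assumes a small window around an already known neighbour.
SEARCH_BITS = {"low-byte": 16, "eui64": 24, "sequential": 16,
               "no-obvious-pattern": 64}

def split(addr):
    """Return (64-bit prefix, 64-bit interface identifier) as integers."""
    n = int(ipaddress.IPv6Address(addr))
    return n >> 64, n & MASK64

def classify(addrs):
    """Map each address to a coarse interface-identifier pattern label."""
    parsed = {a: split(a) for a in addrs}
    seen = set(parsed.values())
    labels = {}
    for a, (prefix, iid) in parsed.items():
        if iid < (1 << 16):
            labels[a] = "low-byte"       # ::1, ::25 style: manual or counter
        elif (iid >> 24) & 0xFFFF == 0xFFFE:
            labels[a] = "eui64"          # ff:fe in the middle: MAC-derived
        elif (prefix, iid - 1) in seen or (prefix, iid + 1) in seen:
            labels[a] = "sequential"     # adjacent IID in the same /64
        else:
            labels[a] = "no-obvious-pattern"
    return labels

def summary(addrs):
    """Count addresses per pattern label."""
    return Counter(classify(addrs).values())

# Constructed sample inventory (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    "2001:db8:0:1::25",
    "2001:db8:0:1:211:22ff:fe33:4455",
    "2001:db8:0:2::d:1000",
    "2001:db8:0:2::d:1001",
    "2001:db8:0:3:8c4f:1e9a:b072:5d13",
]

if __name__ == "__main__":
    for addr, label in classify(SAMPLE).items():
        print(f"{addr:36} {label:20} ~2^{SEARCH_BITS[label]} candidates")
```

A "no-obvious-pattern" result only means none of these three heuristics matched; it does not show the identifier was generated randomly.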