Re: Questions regarding the security mechanisms//RE: CRH and RH0
Fernando Gont <fgont@si6networks.com> Fri, 15 May 2020 20:58 UTC
To: Ron Bonica <rbonica@juniper.net>, qinfengwei <qinfengwei@chinamobile.com>, "'Xiejingrong (Jingrong)'" <xiejingrong@huawei.com>, 'Bob Hinden' <bob.hinden@gmail.com>, "'Darren Dukes (ddukes)'" <ddukes@cisco.com>
Cc: '6man' <6man@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/u12v2lU6WEU2sWc8XvNPQpsO0bE>
On 15/5/20 17:21, Ron Bonica wrote:
> Fernando,
>
> Good point. In order to use CRH as an attack vector, the attacker would need to know something about CRH to IPv6 address mappings.
>
> I am assuming that the attacker has this information, either from an inside source (e.g., a disgruntled employee) or from effective guesswork.

But also only routers that implement CRH and have populated the corresponding FIB could be used to bounce packets. Whereas in the case of RHT0, any router could be used to bounce the packets, and I seem to recall that there were even host implementations that would happily honor the RHT0 by effectively forwarding them.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
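An added example, not part of the message above or of any draft discussed in the thread: the receive-side rule that RFC 5095 sets for Routing Header Type 0, applied while walking the IPv6 extension-header chain. The function names, the verdict strings and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59

def rh0_verdict(packet: bytes) -> str:
    """Return 'drop', 'ignore-rh0' or 'pass' for a raw IPv6 packet (RFC 5095 rules)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"                       # not a well-formed IPv6 packet
    next_hdr, offset, verdict = packet[6], 40, "pass"
    while next_hdr in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            return "drop"                   # truncated extension header
        if next_hdr == FRAGMENT:
            frag_off = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_off:                    # non-first fragment: no headers follow
                return verdict
            hdr_len = 8                     # Fragment header has a fixed size
        else:
            hdr_len = (packet[offset + 1] + 1) * 8
            if offset + hdr_len > len(packet):
                return "drop"
        if next_hdr == ROUTING and packet[offset + 2] == 0:
            if packet[offset + 3]:          # Segments Left != 0: must not forward
                return "drop"               # (a node also sends ICMP Parameter Problem)
            verdict = "ignore-rh0"          # Segments Left == 0: skip the header
        next_hdr, offset = packet[offset], offset + hdr_len
    return verdict

def build_sample(rtype, segs_left, behind_hbh=False):
    """Constructed packet: IPv6 header, optional Hop-by-Hop, one-address routing header."""
    addr = ipaddress.IPv6Address("2001:db8::1").packed   # documentation prefix
    rh = bytes([NO_NEXT, 2, rtype, segs_left]) + bytes(4) + addr
    hbh = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0]) if behind_hbh else b""  # PadN filler
    first = HOP_BY_HOP if behind_hbh else ROUTING
    base = struct.pack("!IHBB", 6 << 28, len(hbh + rh), first, 64) + addr + addr
    return base + hbh + rh

if __name__ == "__main__":
    for args in [(0, 1), (0, 0), (2, 1), (0, 1, True)]:
        print(args, rh0_verdict(build_sample(*args)))
```

The check has to follow the Next Header chain rather than look only at the first extension header, since the routing header may sit behind a Hop-by-Hop or Destination Options header.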