RE : RE : [midcom] More on new work item

"Joel Tran" <joel.tran@USherbrooke.ca> Mon, 03 May 2004 19:33 UTC

From: Joel Tran <joel.tran@USherbrooke.ca>
To: 'Jonathan Rosenberg' <jdrosen@dynamicsoft.com>
Cc: midcom@ietf.org, 'Melinda Shore' <mshore@cisco.com>
Subject: RE : RE : [midcom] More on new work item
Date: Mon, 03 May 2004 14:53:29 -0400
Message-ID: <001a01c4313f$ec91df20$b248d284@kamel>
In-Reply-To: <40963D64.7060306@dynamicsoft.com>

Response inline.

> >> * assuming no other NATs between the user and the ISP NAT, there is a
> >> correlation that needs to be made somewhere between the
> >> username/password and the IP address that's allocated to them. This
> >> would require some really convoluted coupling between DHCP (which can
> >> tell you the MAC/IP binding) and customer provisioning systems (which
> >> *might* be able to tell you the MAC used by a customer's cable modem)
> >> and the ISP firewall, to make sure that a user can only make changes
> >> for their own IP. This seems pretty complicated to me.
> >
> > I don't think we require a big correlation (User/PWD/IP) in order to
> > provide a security mechanism. For example, the rules can be:
> >
> >   1 - Pinholes can only be created for the source address.
> >   2 - User joe can only create 10 pinholes or IP source can only
> >       create 10 pinholes.
> >   3 - ...
>
> This rule is susceptible to source address spoofing attacks. It would
> allow me to direct traffic at a target by faking my source IP to be that
> of the target.

I think DHCP is used mainly by ISPs in two cases. The first case concerns the
assignment of pseudo-static IP addresses to clients using DHCP. This
technique is mainly used in a shared-medium context (cable users, for
instance). The second case concerns the assignment of dynamic IP addresses to
clients. This is mainly used with PPP links (PPPoE ADSL networks and dialup, for
instance).

In the first case, it is easy to make a policy tying the IP/MAC to a user,
since it is pseudo-static. An attacker would have to clone the MAC/IP and
find the correct user/pwd to mount a spoofing attack.

In the second case, since a PPP connection is used, it is easy to detect and
filter spoofing with a proper rule.

...J
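The policy sketched in this exchange (rule 1: pinholes only for the requester's own source address; rule 2: a per-user quota; plus the pseudo-static IP/MAC lease binding for the shared-medium case) as an added example, not code from the thread or from any MIDCOM implementation. The `PinholeRequest` fields, the lease table and the sample addresses are constructed assumptions.

```python
"""Pinhole-request authorization for the rules discussed in the thread.

Added example, not MIDCOM protocol code. A request carries the
authenticated user, the source IP/MAC the middlebox actually saw on the
access segment, and the address the pinhole should be opened for.
"""
from dataclasses import dataclass, field

MAX_PINHOLES_PER_USER = 10  # the "10 pinholes" quota quoted in the thread


@dataclass
class PinholeRequest:
    user: str        # authenticated username (hypothetical field)
    src_ip: str      # IP the request arrived from
    src_mac: str     # MAC observed on the access segment (constructed)
    target_ip: str   # address the pinhole should be opened for
    port: int


@dataclass
class PolicyState:
    # pseudo-static DHCP leases: user -> (ip, mac); constructed sample data
    leases: dict
    pinholes: dict = field(default_factory=dict)  # user -> open pinhole count


def authorize(req: PinholeRequest, state: PolicyState):
    """Return (allowed, reason). Binding check, then rule 1, then rule 2."""
    lease = state.leases.get(req.user)
    if lease is None:
        return False, "unknown user"
    leased_ip, leased_mac = lease
    # Binding check (case 1 in the reply): the request must arrive from the
    # IP *and* MAC leased to this user, so a forged source IP alone fails.
    if (req.src_ip, req.src_mac) != (leased_ip, leased_mac):
        return False, "source IP/MAC does not match user's lease"
    # Rule 1: a pinhole may only be opened for the requester's own address,
    # never for a third party.
    if req.target_ip != req.src_ip:
        return False, "pinhole target must equal source address"
    # Rule 2: per-user quota.
    if state.pinholes.get(req.user, 0) >= MAX_PINHOLES_PER_USER:
        return False, "pinhole quota exhausted"
    state.pinholes[req.user] = state.pinholes.get(req.user, 0) + 1
    return True, "ok"
```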



_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom