RE: [NSIS] NATFW NSLP; ingress filtering

"Hancock, Robert" <robert.hancock@roke.co.uk> Fri, 28 April 2006 12:30 UTC

Hi,

I also don't see that this section adds much to the 
understanding of how to implement or deploy the protocol.

However, its presence did remind me that there is a related
use of ingress filtering to prevent traffic injection in 
the signalling plane - i.e. sending a packet with a header
that is legitimate at the IP level but which refers to 
traffic (via the included MRI) which the signalling source
cannot have any proper interest in. The filter check is
carried out by GIST (see section 5.8.1.2 of the spec), but
it's left up to the NSLP to decide whether to drop the message
as a result. I wonder whether the corresponding NSLP/GIST
interaction should be mentioned somewhere here - it's 
probably more relevant to the other threats (e.g. 5.5.5).

r.

PS two typos at the top of p83, 'IPy' and 'match ,'

> -----Original Message-----
> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net] 
> Sent: 21 April 2006 13:03
> To: Ali Fessi
> Cc: nsis
> Subject: Re: [NSIS] NATFW NSLP; ingress filtering
> 
> 
> I agree with you.
> This helps to shorten the document.
> 
> Ali Fessi wrote:
> > Hi,
> > 
> > in Section 5.12, there is an extensive explanation of the term "ingress
> > filtering" with a figure 46.
> > 
> > I think "ingress filtering" is so common. There is actually no need to
> > have such an explanation in the draft.
> > 
> > a reference, for example to RFC 2827, could be more appropriate.
> > 
> > Cheers,
> > ali
> 
> 
> _______________________________________________
> nsis mailing list
> nsis@ietf.org
> https://www1.ietf.org/mailman/listinfo/nsis
> 
