[OPSEC] ipv6 ingress filtering...

Joel Jaeggli <joelja@bogus.com> Wed, 26 August 2009 20:55 UTC


I have been following the thread on ipv6@ietf.org on the subject of
routing loop attacks using ipv6 tunnels

http://www.ietf.org/mail-archive/web/ipv6/current/threads.html#10800

and it occurs to me that the corpus of knowledge on ipv6 ingress
filtering may be somewhat incomplete.

There is this document:

http://www.cymru.com/Bogons/ipv6.txt

that is in a format and with authors that look fairly familiar.

There is this document:

http://ietfreport.isoc.org/idref/draft-dupont-ipv6-ingress-filtering/

which appears consigned to history.

RFC 2827 and 3704 are the canonical documents in this space; RFC 3178
deals with some limitations of ingress filters being imposed.

Threats that become feasible due to the imposition of transition
technologies were not a consideration of the latter three documents.

Thoughts are appreciated.

joel