[OPSEC] [Errata Verified] RFC6192 (3906)
RFC Errata System <rfc-editor@rfc-editor.org> Tue, 15 April 2014 18:25 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D78A91A01FE; Tue, 15 Apr 2014 11:25:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.174
X-Spam-Level:
X-Spam-Status: No, score=-2.174 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6exoZvdScuMf; Tue, 15 Apr 2014 11:25:07 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1900:3001:11::31]) by ietfa.amsl.com (Postfix) with ESMTP id 375531A011A; Tue, 15 Apr 2014 11:25:07 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 2075918000C; Tue, 15 Apr 2014 11:24:39 -0700 (PDT)
To: nick@foobar.org, dave@juniper.net, cpignata@cisco.com, rodunn@cisco.com
X-PHP-Originating-Script: 1005:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20140415182439.2075918000C@rfc-editor.org>
Date: Tue, 15 Apr 2014 11:24:39 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/opsec/ZnJDT8kLOpIZT4qR2KynpB1LBMc
Cc: opsec@ietf.org, iesg@ietf.org, rfc-editor@rfc-editor.org
Subject: [OPSEC] [Errata Verified] RFC6192 (3906)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 18:25:13 -0000
The following errata report has been verified for RFC6192, "Protecting the Router Control Plane". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6192&eid=3906 -------------------------------------- Status: Verified Type: Editorial Reported by: Nick Hilliard <nick@foobar.org> Date Reported: 2014-03-02 Verified by: Benoit Claise (IESG) Section: A.1 Original Text ------------- [...] ip access-list extended DNS permit udp 198.51.100.0 0.0.0.252 eq domain any ipv6 access-list DNSv6 permit udp 2001:DB8:100:1::/64 eq domain any permit tcp 2001:DB8:100:1::/64 eq domain any ip access-list extended NTP permit udp 198.51.100.4 255.255.255.252 any eq ntp ipv6 access-list NTPv6 permit udp 2001:DB8:100:2::/64 any eq ntp ip access-list extended SSH permit tcp 198.51.100.128 0.0.0.128 any eq 22 ipv6 access-list SSHv6 permit tcp 2001:DB8:100:3::/64 any eq 22 ip access-list extended SNMP permit udp 198.51.100.128 0.0.0.128 any eq snmp [...] Corrected Text -------------- [...] ip access-list extended DNS permit udp 198.51.100.0 0.0.0.3 eq domain any ipv6 access-list DNSv6 permit udp 2001:DB8:100:1::/64 eq domain any permit tcp 2001:DB8:100:1::/64 eq domain any ip access-list extended NTP permit udp 198.51.100.4 0.0.0.3 any eq ntp ipv6 access-list NTPv6 permit udp 2001:DB8:100:2::/64 any eq ntp ip access-list extended SSH permit tcp 198.51.100.128 0.0.0.127 any eq 22 ipv6 access-list SSHv6 permit tcp 2001:DB8:100:3::/64 any eq 22 ip access-list extended SNMP permit udp 198.51.100.128 0.0.0.127 any eq snmp [...] Notes ----- The bitfield masks in the Cisco Configuration example in section A.1 look incorrect. The authors may have intended the following meanings: ip access-list extended DNS all hosts between 198.51.100.0 and 198.51.100.3 instead of all addresses in the range 198.51.100.0/24 which are evenly divisible by 4 ip access-list extended NTP all hosts between 198.51.100.4 and 198.51.100.7 instead of all addresses in the range 0.0.0.0/0 which are evenly divisible by 4 ip access-list extended SSH all hosts between 198.51.100.128 and 198.51.100.255 instead of 198.51.100.128/32 ip access-list extended SNMP all hosts between 198.51.100.128 and 198.51.100.255 instead of 198.51.100.128/32 -------------------------------------- RFC6192 (draft-ietf-opsec-protect-control-plane-06) -------------------------------------- Title : Protecting the Router Control Plane Publication Date : March 2011 Author(s) : D. Dugal, C. Pignataro, R. Dunn Category : INFORMATIONAL Source : Operational Security Capabilities for IP Network Infrastructure Area : Operations and Management Stream : IETF Verifying Party : IESG
- [OPSEC] [Technical Errata Reported] RFC6192 (3906) RFC Errata System
- Re: [OPSEC] [Technical Errata Reported] RFC6192 (… Carlos Pignataro (cpignata)
- [OPSEC] [Errata Verified] RFC6192 (3906) RFC Errata System