Re: [shara] [BEHAVE] TR: I-DAction:draft-boucadair-pppext-portrange-option-00.txt
<Gabor.Bajko@nokia.com> Fri, 06 February 2009 07:37 UTC
From: <Gabor.Bajko@nokia.com>
To: <dwing@cisco.com>, <mohamed.boucadair@orange-ftgroup.com>,
<dthaler@windows.microsoft.com>, <randy@psg.com>
Date: Fri, 6 Feb 2009 08:37:23 +0100
Message-ID: <A99B171D26E1564B92D36826128CD66127E350E97E@NOK-EUMSG-01.mgdnok.nokia.com>
References: <6CF039C5B32037498B02251E11CDE6B007BB7096@ftrdmel3>
<004e01c987e9$8b837df0$c2f0200a@cisco.com> <m2hc38zcd3.wl%randy@psg.com>
<E9CACA3D8417CE409FE3669AAE1E5A4F118EB4D7AF@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>
<6CF039C5B32037498B02251E11CDE6B007BB734A@ftrdmel3>
<014b01c9882a$19255210$c2f0200a@cisco.com>
In-Reply-To: <014b01c9882a$19255210$c2f0200a@cisco.com>
Cc: behave@ietf.org, shara@ietf.org
Subject: Re: [shara] [BEHAVE] TR: I-DAction:draft-boucadair-pppext-portrange-option-00.txt
Dan,

The attached document should appear shortly in the IETF directories.
Section 2 tries to justify the need for non-contiguous port range
allocation. Sections 4 and 5 explain how the non-contiguous port range
and random port delegation work.

- gabor

>-----Original Message-----
>From: shara-bounces@ietf.org [mailto:shara-bounces@ietf.org] On Behalf Of
>ext Dan Wing
>Sent: Thursday, February 05, 2009 11:11 PM
>To: mohamed.boucadair@orange-ftgroup.com; dthaler@windows.microsoft.com;
>randy@psg.com
>Cc: behave@ietf.org; shara@ietf.org
>Subject: Re: [shara] [BEHAVE] TR: I-DAction:draft-boucadair-pppext-
>portrange-option-00.txt
>
>> -----Original Message-----
>> From: mohamed.boucadair@orange-ftgroup.com
>> [mailto:mohamed.boucadair@orange-ftgroup.com]
>> Sent: Thursday, February 05, 2009 10:35 PM
>> To: dthaler@windows.microsoft.com; randy@psg.com; dwing@cisco.com
>> Cc: behave@ietf.org; shara@ietf.org
>> Subject: RE: [BEHAVE] [shara]TR:
>> I-DAction:draft-boucadair-pppext-portrange-option-00.txt
>>
>> Thank you for your comment.
>>
>> There is a subtlety between subnet mask and port mask:
>> subnets need to be hierarchical but not port ranges!
>
>I disagree. Port ranges all belong to the same IP address --
>from the view of the rest of the Internet. This is akin to the
>rest of the Internet's view of a subnet. It is only the local
>IP address (subnet) that is aware of the separation of ports
>(or IP addresses) to individual hosts.
>
>> Non-contiguous port range is proposed as a solution to assign
>> with a single mask for instance "M" Port Ranges with "n" Port
>> Ranges within the well-known Port Range. This means that the
>> well-known PR won't be assigned to the same user.
>>
>> I see other advantages to the usage of non-contiguous PR:
>> e.g. an attacker would have more difficulty to "guess" a port
>> value within the Port Range.
>
>draft-boucadair-pppext-portrange-option does not describe
>this advantage. I am not convinced this would thwart an
>attacker significantly. If a user is permitted XXXX ports,
>an attacker can determine what ports they are by a range
>of contiguous bits or a range of non-contiguous bits. I
>agree the attacker has to perform more probes to learn
>the non-contiguous bit pattern, of course. But an analysis
>of this advantage would be useful.
>
>> By the way, I have the same question as Randy.
>
>I am not talking about the proverbial Grandma or "Joe
>Sixpack" when I say "users". Those users have no
>need to understand 255.255.255.0, or IP addresses,
>or ARP.
>
>However, network administrators are users, and they need
>to understand these bit-masks in order to successfully
>configure equipment. Based on industry experience with
>IP, non-contiguous subnet masks are not used in very
>many networks. This is because the complexity to use
>them exceeds their value.
>
>Justification of the value of non-contiguous port masks
>would be useful.
>
>-d
>
>> Med
>>
>> -----Original Message-----
>> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org]
>> On Behalf Of Dave Thaler
>> Sent: Friday, 6 February 2009 02:10
>> To: Randy Bush; Dan Wing
>> Cc: behave@ietf.org; shara@ietf.org
>> Subject: Re: [BEHAVE] [shara]TR:
>> I-DAction:draft-boucadair-pppext-portrange-option-00.txt
>>
>> Yes. :)
>>
>> I had the same feedback last IETF.
>> This is the same thing all over again as a non-contiguous
>> subnet mask, which the industry effectively got rid of as
>> having too many problems in practice (but being fine in theory).
>>
>> -Dave
>>
>> -----Original Message-----
>> From: shara-bounces@ietf.org [mailto:shara-bounces@ietf.org]
>> On Behalf Of Randy Bush
>> Sent: Thursday, February 05, 2009 3:35 PM
>> To: Dan Wing
>> Cc: behave@ietf.org; shara@ietf.org
>> Subject: Re: [shara] [BEHAVE] TR:
>> I-DAction:draft-boucadair-pppext-portrange-option-00.txt
>>
>> > I like this draft overall, but I would restrict this so that only
>> > contiguous port ranges are permitted. Non-contiguous subnet masks are
>> > difficult for many people to understand (even today) and I expect
>> > there would be similar confusion with non-contiguous port ranges.
>>
>> do people have to understand these?
>>
>> randy
>> _______________________________________________
>> shara mailing list
>> shara@ietf.org
>> https://www.ietf.org/mailman/listinfo/shara
>>
>> _______________________________________________
>> Behave mailing list
>> Behave@ietf.org
>> https://www.ietf.org/mailman/listinfo/behave
>
>_______________________________________________
>shara mailing list
>shara@ietf.org
>https://www.ietf.org/mailman/listinfo/shara
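The two claims argued in the thread above (Med: a non-contiguous mask spreads the well-known ports across users instead of handing them all to one user; Dan: an attacker can still learn a user's ports by probing, just with more probes) can be made concrete with a small model. The block below is an added example written for this page; it is not code from draft-boucadair-pppext-portrange-option or from any participant. Its one assumption, which is not taken from the draft, is the simplest mask-based rule: a user holds a 16-bit port-range value V and a 16-bit port mask M and owns every port p with (p & M) == (V & M). The masks 0xFC00 and 0x003F and the user values 0 and 5 are constructed for illustration.

```python
# Added example: a small model of mask-based port-range delegation, written
# to make the contiguous vs non-contiguous discussion in the thread concrete.
# It is not code from draft-boucadair-pppext-portrange-option or from any
# participant.  Assumption (not taken from the draft): a user is delegated a
# 16-bit port-range value V and a 16-bit port mask M, and owns every port p
# with (p & M) == (V & M).  Bits set in M are fixed, bits clear in M are free.

WELL_KNOWN_MAX = 1023  # ports 0..1023 are the well-known range


def _check16(*vals):
    for v in vals:
        if not 0 <= v <= 0xFFFF:
            raise ValueError("port values and masks must fit in 16 bits")


def ports_for(value, mask):
    """Enumerate, ascending, every port p with (p & mask) == (value & mask)."""
    _check16(value, mask)
    free_bits = [b for b in range(16) if not (mask >> b) & 1]
    fixed = value & mask
    ports = []
    for i in range(1 << len(free_bits)):
        p = fixed
        for j, b in enumerate(free_bits):
            if (i >> j) & 1:
                p |= 1 << b
        ports.append(p)
    return sorted(ports)


def is_contiguous(mask):
    """True when the mask fixes only high-order bits, i.e. it is the port
    analogue of a classic subnet mask and each user gets one block of ports."""
    _check16(mask)
    inv = ~mask & 0xFFFF
    return inv & (inv + 1) == 0


def users_per_address(mask):
    """How many users one IPv4 address is shared among under this mask."""
    _check16(mask)
    return 1 << bin(mask).count("1")


def well_known_count(ports):
    """How many of a user's ports fall in the well-known range 0..1023."""
    return sum(1 for p in ports if p <= WELL_KNOWN_MAX)


def infer_fixed_bits(observed):
    """Attacker-side view (the probing Dan Wing describes): any bit that never
    varies across the ports observed for one user is a candidate fixed bit.
    Returns (mask_estimate, value_estimate).  With few samples the estimate
    overstates the mask; it converges once every free bit has been seen both
    as 0 and as 1."""
    observed = list(observed)
    if not observed:
        raise ValueError("need at least one observed port")
    _check16(*observed)
    all_and, all_or = 0xFFFF, 0
    for p in observed:
        all_and &= p
        all_or |= p
    varying = all_and ^ all_or          # bits seen as both 0 and 1
    mask_estimate = ~varying & 0xFFFF
    return mask_estimate, all_and & mask_estimate


if __name__ == "__main__":
    # Constructed masks: both share one address among 64 users, 1024 ports each.
    contiguous = 0xFC00    # six high bits fixed: user 0 owns ports 0..1023
    interleaved = 0x003F   # six low bits fixed: user k owns every port == k (mod 64)
    for name, mask, value in (("contiguous", contiguous, 0),
                              ("interleaved", interleaved, 5)):
        ports = ports_for(value, mask)
        print(f"{name}: mask=0x{mask:04X} contiguous={is_contiguous(mask)} "
              f"users={users_per_address(mask)} ports/user={len(ports)} "
              f"well-known ports held by this user={well_known_count(ports)}")
    # Two observed ports are not enough to recover the interleaved mask exactly.
    print("estimate from 2 samples:",
          tuple(hex(x) for x in infer_fixed_bits([0x0005, 0x0045])))
    print("estimate from all ports:",
          tuple(hex(x) for x in infer_fixed_bits(ports_for(5, interleaved))))
```

Under the constructed contiguous mask, user 0 receives the entire well-known range, while under the interleaved mask every user receives exactly 16 well-known ports, which is the distribution Med describes. On the attacker side, `infer_fixed_bits` recovers the exact mask only after enough distinct ports have been seen that every free bit has varied; with a contiguous mask an attacker can instead guess the block from a single port and the known alignment, which is why the non-contiguous case costs more probes but, as Dan notes, is not an obstacle in itself.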