Re: [v6ops] Mitigation against IPv6 Router Advertisements flooding - draft-moonesamy-ra-flood-limit-00

Arturo Servin <arturo.servin@gmail.com> Thu, 04 July 2013 11:31 UTC

SM,

    Sorry, I should have said "Or are these recommendations orthogonal
to a network applying RA Guard?"

    I think the answer is still yes. But for that reason I think that
you should mention that this is an add-on to RA Guard (not instead of,
not criticizing it) and it is intended to provide some security
mechanisms to the host when the network administrator does not have this
capability (RA-Guard) in their network.

    In the end, having RA-Guard could solve this problem entirely, but
when it is not provided by the network the host should have mechanisms
to defend itself. That is when your draft applies. Does my comment
make sense?
   
Regards,
as

On 7/4/13 3:02 AM, S Moonesamy wrote:
> Hi Arturo,
> At 18:19 03-07-2013, Arturo Servin wrote:
>>     Why would IPv6 Router Advertisement Guard not be enough?
>
> The draft does not seek to criticize Router Advertisement Guard in any
> way.  The draft looks at what can occur on the host and what has been
> done to ensure that there isn't a crash.
>
>>     Or are these recommendations orthogonal to a network applying RA?
>
> Yes.
>
>>     I think that it would be important to address those questions in
>> the draft.
>
> That would be an operational issue.
>
>>     Also, related. Is it possible for a host to perform a RS attack?
>
> I don't have sufficient information to provide a good answer.  I
> prefer not to give you a misleading answer.
>
> Regards,
> S. Moonesamy