Re: [v6ops] new draft: draft-elkins-v6ops-multicast-virtual-nodes

Nick Hilliard <nick@foobar.org> Fri, 19 September 2014 22:55 UTC

Message-ID: <541CB43F.2040508@foobar.org>
Date: Fri, 19 Sep 2014 23:54:55 +0100
From: Nick Hilliard <nick@foobar.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: v6ops@ietf.org
References: <201409191147.s8JBl1Fe016458@irp-lnx1.cisco.com> <CAPi140O_WkcS9uFCSK0+tVDF3Z1sB4_UF5Zv9kpNEMh7m94Vww@mail.gmail.com> <1411154671.21942.YahooMailNeo@web125102.mail.ne1.yahoo.com> <CAPi140Ob+TeDyYfw_1A2Q55gEF5-rNrLynQ1LkGHOVnGcNcpLA@mail.gmail.com> <1411164118.44574.YahooMailNeo@web125106.mail.ne1.yahoo.com>
In-Reply-To: <1411164118.44574.YahooMailNeo@web125106.mail.ne1.yahoo.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/kyVlVGPz2GiaUsoxwaO_3dt-TjE
Subject: Re: [v6ops] new draft: draft-elkins-v6ops-multicast-virtual-nodes
Precedence: list

On 19/09/2014 23:01, Nalini Elkins wrote:
> Andrew, I think you may have misunderstand me.  The behavior is very definitely not
> identical in IPv4.   In IPv4, many people block or disable directed broadcast PING.  Such
> PINGs can be used for amplification in Smurf attacks.
> 
> http://www.techrepublic.com/article/understanding-a-smurf-attack-is-the-first-step-toward-thwarting-one/
> 
> Ping to FF02::1 is definitely amplification when 10 echo requests can create 2,000+ 
> echo replies.   When you do a Ping on Linux, it is continuous until you stop it.
> So, you may very easily do amplification without even meaning to.

directed broadcast ping on ipv4 is harmful because it uses global
addresses, and the directed broadcast ping can be initiated remotely and
can be used to target third party addresses.  ff02::1 is link-local only,
which means that directed broadcast ping can only be initiated locally.  If
the operator follows BCP38, the replies will stay local so the scope for
damage is minimal.  The two aren't comparable.

Nick

[v6ops] new draft: draft-elkins-v6ops-multicast-v… fred
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Andrew 👽 Yourtchenko
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Andrew 👽 Yourtchenko
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Ackermann, Michael
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Andrew 👽 Yourtchenko
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nick Hilliard
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Andrew 👽 Yourtchenko
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nick Hilliard
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Andrew 👽 Yourtchenko
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Andrew 👽 Yourtchenko
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nick Hilliard
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nick Hilliard
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Bill Cerveny
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Ackermann, Michael
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Mikael Abrahamsson
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… sthaug
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Bill Cerveny
Re: [v6ops] new draft: draft-elkins-v6ops-multica… sthaug
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Mikael Abrahamsson
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Nalini Elkins
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Randy Bush
[v6ops] new draft: draft-elkins-v6ops-multicast-v… fred
Re: [v6ops] new draft: draft-elkins-v6ops-multica… Ray Hunter