Re: [v6ops] Operational guidelines for a company/organization IPv6 address scheme supplemental to RFC5157

Philipp Kern <phil@philkern.de> Wed, 26 September 2012 22:27 UTC

Date: Thu, 27 Sep 2012 00:27:45 +0200
From: Philipp Kern <phil@philkern.de>
To: "Marksteiner, Stefan" <stefan.marksteiner@joanneum.at>
Message-ID: <20120926222745.GA31684@hub.kern.lc>
In-Reply-To: <8A317FD8C00FEE448E52D4EE5B56BB3E0232A08499BB@RZJC1EX.jr1.local>
Cc: 'IPv6 Ops WG' <v6ops@ietf.org>
Subject: Re: [v6ops] Operational guidelines for a company/organization IPv6 address scheme supplemental to RFC5157

On Wed, Sep 26, 2012 at 09:16:12AM +0200, Marksteiner, Stefan wrote:
> There's a variety of reasons to keep track of addresses from usage and
> statistics to forensic purposes in security incidents (also those which are
> perpetrated from inside sources to outside targets).

Wouldn't it be better to track the tables of your switches and routers
(possibly with port info) instead? Because everybody can infer the subnet from
one stateful DHCPv6 reply and just use another address. Well, unless your
hardware can already do DHCPv6 snooping at the edge, which seems to be sort of
rare.

Kind regards
Philipp Kern
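A defender-side illustration of the point made above, added here as an example and not part of the thread: join a router's neighbour cache with the switch MAC table to attribute every on-wire IPv6 address to a port, then compare against the DHCPv6 lease records to see which addresses the lease log alone would never have explained. The neighbour cache lines follow the Linux `ip -6 neigh show` format; the MAC table and lease records are constructed and their layout is an assumption.

```python
"""Attribute on-wire IPv6 addresses to switch ports by joining a router's
neighbour cache with a switch's MAC table, then list addresses that never
appeared in the DHCPv6 lease records. All data below is constructed."""
import re
from typing import Dict, List, Tuple

# Constructed router neighbour cache in Linux `ip -6 neigh show` format.
ND_CACHE = """\
2001:db8:1::10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:1::1337 dev eth0 lladdr 00:11:22:33:44:55 STALE
fe80::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 router REACHABLE
2001:db8:1::20 dev eth0 lladdr aa:bb:cc:dd:ee:01 DELAY
2001:db8:1::30 dev eth0  FAILED
"""
# Constructed switch MAC table (MAC -> access port); the layout is an assumption.
MAC_TABLE = {"00:11:22:33:44:55": "Gi1/0/7", "aa:bb:cc:dd:ee:01": "Gi1/0/12"}
# Constructed stateful DHCPv6 leases (address -> client DUID).
DHCPV6_LEASES = {"2001:db8:1::10": "duid-host-a", "2001:db8:1::20": "duid-host-b"}

ND_LINE = re.compile(
    r"^(?P<addr>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}))?"
    r"(?:\s+router)?\s+(?P<state>\S+)$"
)

def parse_nd_cache(text: str) -> List[Tuple[str, str, str]]:
    """Return (address, mac, state) for entries that resolved to a MAC."""
    entries = []
    for line in text.splitlines():
        m = ND_LINE.match(line.strip())
        if m and m.group("mac"):          # FAILED/INCOMPLETE rows carry no MAC
            entries.append((m.group("addr"), m.group("mac"), m.group("state")))
    return entries

def attribute(nd_text: str, mac_table: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Map every address seen on the wire to (mac, switch port)."""
    return {addr: (mac, mac_table.get(mac, "unknown-port"))
            for addr, mac, _ in parse_nd_cache(nd_text)}

def unleased_addresses(attrib: Dict[str, Tuple[str, str]],
                       leases: Dict[str, str]) -> List[str]:
    """Global addresses active on the wire that the DHCPv6 lease log never saw."""
    return sorted(a for a in attrib if not a.startswith("fe80:") and a not in leases)

if __name__ == "__main__":
    seen = attribute(ND_CACHE, MAC_TABLE)
    for addr, (mac, port) in sorted(seen.items()):
        print(f"{addr:28} {mac} {port}")
    print("not in DHCPv6 leases:", unleased_addresses(seen, DHCPV6_LEASES))
```

In the sample, the host on Gi1/0/7 used both its leased address and a self-chosen one; the neighbour-cache join attributes both to the same MAC and port, which the lease log alone could not.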