Re: [v6ops] [saag] ITU-T SG17 IPv6 security work items liaison
Tim Chown <tjc@ecs.soton.ac.uk> Wed, 15 June 2011 09:45 UTC
From: Tim Chown <tjc@ecs.soton.ac.uk>
Date: Wed, 15 Jun 2011 10:44:14 +0100
To: Fred Baker <fred@cisco.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ipv6@ietf.org" <ipv6@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [v6ops] [saag] ITU-T SG17 IPv6 security work items liaison

On 15 Jun 2011, at 01:42, Fred Baker wrote:

>
> On Jun 14, 2011, at 8:30 AM, Suresh Krishnan wrote:
>
>> RFC5157 IPv6 Implications for Network Scanning
>
> Personally, I think that RFC has been overtaken by events. Network scans have been reported in the wild.

I just re-read the abstract and conclusion to 5157, and I think everything stated there still applies. The bit where we stated that we'd not seen traditional network scanning at our own site (to <prefix>::1, <prefix>::2, etc) is the part that has changed - we could now say there is some evidence of such activity. But that doesn't invalidate the advice to - for example - not have your DHCPv6 pools start with <prefix>::1, or the observation that attackers will look at other ways to glean addresses, with some discussion of those.

The interesting newly discussed issue since 5157 was published is the possible impact on ND caches of scanning dark space, should such sweeps reach the target subnet/link.

WRT the ITU-T doc, I agree it's probably not needed.

Tim
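
An added example, not part of the original message: a small audit, meant to be run against your own address plan, of the advice above that DHCPv6 pools should not start at <prefix>::1. The prefix (documentation space), pool ranges, leases and the 16-bit "low IID" threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample data using the 2001:db8::/32 documentation prefix.
PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")
POOLS = {
    "sequential-from-1": ("2001:db8:0:1::1", "2001:db8:0:1::ff"),
    "offset-high": ("2001:db8:0:1:4a7c:91e3:5b00:0",
                    "2001:db8:0:1:4a7c:91e3:5b00:ffff"),
}
LEASES = ["2001:db8:0:1::1", "2001:db8:0:1::2", "2001:db8:0:1::1a",
          "2001:db8:0:1:4a7c:91e3:5b00:2f"]

LOW_IID_BITS = 16  # assumption: IIDs below 2**16 count as reachable by a ::1, ::2, ... sweep


def iid(addr, prefix=PREFIX):
    """Return the interface identifier (host bits) of addr within prefix."""
    a = ipaddress.IPv6Address(addr)
    if a not in prefix:
        raise ValueError(f"{a} is outside {prefix}")
    return int(a) & int(prefix.hostmask)


def audit_pool(start, end, prefix=PREFIX, low_bits=LOW_IID_BITS):
    """Report whether a DHCPv6 pool begins in the low, sequentially guessable IIDs."""
    first, last = iid(start, prefix), iid(end, prefix)
    if first > last:
        raise ValueError("pool start is above pool end")
    return {
        "size": last - first + 1,
        "first_iid": first,
        "starts_low": first < (1 << low_bits),
        # probes a sequential sweep from <prefix>::1 needs to cover the whole pool
        "sweep_to_cover": last,
    }


def low_iid_leases(leases, prefix=PREFIX, low_bits=LOW_IID_BITS):
    """Return leased addresses whose IID falls inside the low range."""
    return [str(ipaddress.IPv6Address(a)) for a in leases
            if 0 < iid(a, prefix) < (1 << low_bits)]


if __name__ == "__main__":
    for name, (start, end) in POOLS.items():
        print(name, audit_pool(start, end))
    print("low-IID leases:", low_iid_leases(LEASES))
```
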