IETF Logo Mail Archive

Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

Fernando Gont <fgont@si6networks.com> Tue, 07 February 2023 23:16 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14951C14CEFF for <v6ops@ietfa.amsl.com>; Tue, 7 Feb 2023 15:16:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bt9dn5cXyktl for <v6ops@ietfa.amsl.com>; Tue, 7 Feb 2023 15:16:26 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AE3AC14F6EC for <v6ops@ietf.org>; Tue, 7 Feb 2023 15:16:24 -0800 (PST)
Received: from [10.0.0.133] (unknown [186.19.8.47]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 413C92815B6; Tue, 7 Feb 2023 20:16:18 -0300 (-03)
Message-ID: <ae1fa42d-cd3f-2d54-d190-b96469c6b5cd@si6networks.com>
Date: Tue, 07 Feb 2023 20:16:15 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2
Content-Language: en-US
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>, IPv6 Operations <v6ops@ietf.org>
References: <091075f1-033a-5577-60d9-3c6a009b3e21@si6networks.com> <55adf66d-23cb-0b2c-65d7-8f053a6f9298@si6networks.com> <eb2e613ce5154139a4e18eebff21b822@huawei.com>
From: Fernando Gont <fgont@si6networks.com>
In-Reply-To: <eb2e613ce5154139a4e18eebff21b822@huawei.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/zDO4_rJmfKqNSHTZMsmvaDFR8v8>
Subject: Re: [v6ops] Fwd: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 23:16:28 -0000

Hi, Eduard,

On 7/2/23 04:17, Vasilenko Eduard wrote:
> Hi Fernando,
> You did not mention that the /48 may be dynamic (PA changing over time).

This is a very good point. Will note this in the net rev. -- thanks!


> Hence, even /48 block may not block the offender.
> The offender in principle may buy a connection from such a Carrier. Then rotate his /56 periodically.
> 
> The possibility to trace offenses against RIR blocks is missing in the document.

Could you elaborate a bit here?


> 
> IMHO: it may sense to mention in the absent conclusion that "there is no reliable way to block only offender. If the offense is big enough, it is possible to block legal entity (consulting with RIRs registry)."

Also a very valid point. Will note this in the next rev.

Thanks!

Regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494

v2.23.0 | Report a Bug | By Email