>>>>> On Thu, 31 Oct 2002 20:43:14 +0200 (EET),
>>>>> Pekka Savola <[EMAIL PROTECTED]> said:
>> > Now the attacker can send packets with a fec0::/10 source
>> > address to the customer -- no one will block them unless
>> > they're explicitly configured as site borders -- before the
>> > customer itself. And if the customer does not block them,
>> > we're in for very serious trouble.
>> >
>> > That seemed to be what everyone except me read the ADDRARCH
>> > paragraph to imply. I thought attackers first-hop router (or
>> > at the latest, attackers edge router) should block these
>> > packets automatically.
>>
>> No. At least I read ADDRARCH as meaning that the routers between the
>> attacker and the customer would all be configured (one way or another -
>> either manually or because it's their default configuration) as site
>> boundaries, meaning they would filter the site-local packets.
> This reading of ADDRARCH seems to be in conflict with what you said
> earlier:
I don't think so. Rich said "either manually or because it's their
default configuration", which perfectly coincides with what he said
before.
The difference seems to me that you're saying that such an assumption
is naive and Rich doesn't think so. IMO, this is a difference in
philosophy and either side has some valid points. So I don't think we
can reach some consensus by further discussion, at least within this
thread.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
