On Thu, 15 Apr 2010, Simon Perreault wrote:

On 2010-04-14 18:26, Brian E Carpenter wrote:
Common practice in network monitoring and in QoS technologies
is to identify a flow of packets by the 5-tuple
{source address, dest address, source port, dest port, protocol #}.

Or we can strongly recommend that all hosts set the flow label, so
that we can use the 3-tuple {source address, dest address, flow label}.

It would be easy for an attacker to put garbage in the flow label to trick the QoS. So you couldn't use the flow label from hosts you don't trust, which is most of them nowadays.

So is putting garbage into the src and dst port. If a BCP-38 network ingress filter is implemented, then it is not so easy...

        Best Regards,
Janos Mohacsi

Simon
--
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server        --> http://numb.viagenie.ca
vCard 4.0               --> http://www.vcarddav.org
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
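
The two flow keys discussed in this thread, as an added example that is not part of any poster's message: it parses an IPv6 header and uses the 3-tuple only when the flow label is non-zero and the source is inside a trusted prefix, falling back to the 5-tuple otherwise. The prefix list, function names and sample packets are assumptions made for illustration; trusting a source prefix only makes sense where ingress filtering keeps source addresses from being forged.

```python
import ipaddress
import struct

# Assumption for this example: prefixes whose hosts we trust to set the flow label.
TRUSTED_PREFIXES = [ipaddress.ip_network("2001:db8:1::/48")]


def parse_ipv6(packet: bytes):
    """Parse the 40-byte IPv6 fixed header and, for TCP/UDP directly after it, the ports."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, _plen, next_header, _hops = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    fields = {
        "flow_label": first_word & 0xFFFFF,  # low 20 bits of the first 32-bit word
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        "proto": next_header,
        "sport": None,
        "dport": None,
    }
    # Ports sit at a fixed offset only when TCP (6) or UDP (17) follows directly;
    # extension headers are not walked in this example.
    if next_header in (6, 17) and len(packet) >= 44:
        fields["sport"], fields["dport"] = struct.unpack("!HH", packet[40:44])
    return fields


def flow_key(packet: bytes):
    """Use the 3-tuple only for a non-zero label from a trusted source, else the 5-tuple."""
    f = parse_ipv6(packet)
    trusted = any(f["src"] in net for net in TRUSTED_PREFIXES)
    if trusted and f["flow_label"] != 0:
        return ("3-tuple", f["src"], f["dst"], f["flow_label"])
    return ("5-tuple", f["src"], f["dst"], f["sport"], f["dport"], f["proto"])


def build_packet(src, dst, flow_label, sport, dport, proto=17):
    """Construct a sample IPv6+UDP packet (constructed test data, not a capture)."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB", first_word, 8, proto, 64)
    header += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return header + struct.pack("!HHHH", sport, dport, 8, 0)
```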
