On Sun, Jul 27, 2003 at 02:52:54PM +0200, Nir Arad wrote:
> Should a node (a router) check the validity of the mapping of IPv6
> multicast destination address into the Ethernet MAC multicast address?
> Could there be a security issue?
Exactly my question. To be exact:
Assume the receiving node
Hello,
On Sun, Jul 27, 2003 at 02:52:54PM +0200, Nir Arad wrote:
> Should a node (a router) check the validity of the mapping of IPv6
> multicast destination address into the Ethernet MAC multicast address?
In a weak sense, they do this automatically, by
a) implementing a MAC multicast filter
On Thu, Jun 26, 2003 at 03:24:19PM +0200, Nir Arad wrote:
>
> I am reading RFC 2464, and I have encountered chapter 6, titled
> "Address Mapping -- Unicast".
> I have to admit I still didn't read the related RFC 2461 (Neighbor
> Discovery),
Then please do this.
> but I was wondering if someone w
Hi,
On Mon, Mar 10, 2003 at 03:13:16PM -0800, Alain Durand wrote:
> Alternate scenario:
> We ship our system so they configure IPv6 ON by default on all interface.
> User install this machine on his v4-only network and now experiment
> larger than usual delays to connect to his favorite servers.
On Sun, Dec 15, 2002 at 08:48:11PM +0100, Kurt Erik Lindqvist wrote:
> >If can we provide a compelling architecture without private address
> >then there should be no private addresses, otherwise NAT is a force
> >major
> >issue and we have to redo all the applications which are broken by NAT
> >
Hi,
On Thu, Nov 07, 2002 at 10:44:36AM -0500, Ralph Droms wrote:
> Is this situation - a mobile node using site-local addresses moving to a
> new "site" - an opportunity for inadvertent (or possibly even malicious)
> TCP session hijacking? I.e., is the problem worse in the case of active
> a
On Mon, Nov 04, 2002 at 05:35:03PM +0900, Soohong Daniel Park wrote:
> I'd like to get all hosts addresses in small network, can i get these
> addresses usign multicast ?
See http://www.join.uni-muenster.de/rfc/rfc2375.txt
-is
msg08710/pgp0.pgp
Description: PGP signature
Hi,
On Fri, Nov 01, 2002 at 07:06:21AM +0900, Jun-ichiro itojun Hagino wrote:
> if you get a default route from three sites you are joined to, what
> are you going to do? or what if you get 2001:240::/32 from both sides,
> what are you going to do?
Same as when you have two int
hello,
On Fri, Nov 01, 2002 at 03:11:44PM -0500, Thomas Narten wrote:
> Folks,
>
> The stats George posted are well worth thinking hard about.
>
> When there are so many postings on a list in such a short time, the
> following is inevitable:
>
> - folks don't read them all anymore. I'm sure fol
d), but there is a terminology error that should be corrected before use:
2.3 Address Generation
[...]
* A randomly generated address SHOULD have the Universal/Local bit
and the Individual/Group bit set to 0 to indicate a locally
scoped Unicast address (see [RFC2373]).
s/locally scop
Hello,
On Sat, Jul 06, 2002 at 04:26:04PM +0200, [EMAIL PROTECTED] wrote:
> i'm a university student, for my degree thesis i have to investigate
> Routing Security Problem in IPv6.
> After Reading RFCs about RIPng and OSPF for IPv6 all i found is that
> to secure routing protocols IPSec will be
On Tue, Jul 02, 2002 at 03:57:32PM +0800, jpxiong wrote:
> When I use those os'IPv6 stack to communication,I wonder weather the
> IPv4 stack is necessary exist.That is to say,can i uninstall the ipv4
> stack and remain the ipv6's ability?
In theory, yes. However, depending on the internal struct
Hello,
On Thu, Jun 13, 2002 at 03:37:29PM -0700, Tony Hain wrote:
> Any app that doesn't need a forward or reverse record in DNS will work
> with a private address, why do they need a special API. What you are
> looking for is a simple way during address selection to know which
> address is recor
On Mon, Jun 10, 2002 at 01:45:16PM -0400, Bill Sommerfeld wrote:
> It's also worth pointing out that NAT is not the only way a
> site-local-only system could get external connectivity.
>
> A transport-layer gateway/relay like a socks implementation for v6 or
> the KAME "faithd" would be another w
On Sat, Jun 08, 2002 at 06:38:22PM -0700, Michel Py wrote:
> - With an RFC 1918 host behind a firewall, compromising the firewall is
> enough to grant that host outside access. Single point of failure.
>
> - With a site-local only host behind a firewall, this become a double
> hack thing: you nee
On Wed, Mar 20, 2002 at 11:03:21AM +0100, Ignatios Souvatzis wrote:
> On Wed, Mar 20, 2002 at 10:45:04AM +0100, Ignatios Souvatzis wrote:
> > On Wed, Mar 20, 2002 at 10:36:30AM +0530, Murugan KAT wrote:
> >
> > > Let us think of a single RTM having for both V4 and V6.
On Wed, Mar 20, 2002 at 10:45:04AM +0100, Ignatios Souvatzis wrote:
> On Wed, Mar 20, 2002 at 10:36:30AM +0530, Murugan KAT wrote:
>
> > Let us think of a single RTM having for both V4 and V6.
> > But to what extent this is valid from routing stacks.? Will it be valid t
On Wed, Mar 20, 2002 at 10:36:30AM +0530, Murugan KAT wrote:
> Let us think of a single RTM having for both V4 and V6.
> But to what extent this is valid from routing stacks.? Will it be valid to
> propogate V4 routing info. also to V6 domain.? Obviously the other way is
> not valid?
In a multi
On Thu, Mar 14, 2002 at 04:23:17PM +0100, Alexandru Petrescu wrote:
> For example, how about better separating IPv6-over-Ethernet rfc2464
> from the current address architecture draft of rfc2373? My precise
> suggestion would be to move EUI-64 and Modified EUI-64 from the latter
> to the former
On Thu, Mar 07, 2002 at 01:33:46PM +0100, Karim El-Malki (ERA) wrote:
> > | You want to support IPsec and that's fine. However I don't
> > | think you always want to run IPsec when the result is for
> > | example a possible higher packet loss rate.
> >
> > No, of course you don't alway
On Wed, Mar 06, 2002 at 11:52:15AM -0500, Bound, Jim wrote:
> Margaret,
>
> What is required for a full implementation for IPv6 by the standards is
> set in stone. Vendors that don't adhere to this are risking to much.
> What they deploy and what standards is different issue.
>
> I can have IP
On Wed, Mar 06, 2002 at 12:21:08PM -0500, Bound, Jim wrote:
> It will take us years to secure all that we have to. IPsec has been
> mandated since 1996 at least. Yet is was the last IPv6 spec in products
> and I think compaq and ibm are the only vendors with product ipsec for
> ipv6.
- Plus Sol
On Tue, Mar 05, 2002 at 06:01:37PM +0100, Karim El-Malki (ERA) wrote:
> > > > What happens when that host receives an NS message?
> > >
> > > It won't because a cellular host /e.g. 3gpp) is alone on its link.
> >
> > I don't see why this should necessarily be the case, unless
> > 3gpp is
On Thu, Feb 14, 2002 at 08:18:37AM +, Tim Chown wrote:
>
> Yes, I had this too. Interestingly the messages did not show up as
> new, so I'm wondering if my version of pine was misinterpreting some form
> of digest message that someone accidentally sent out.
I didn't see this.
-is
On Fri, Dec 14, 2001 at 02:12:37PM +0800, Moter Du wrote:
> Appreciate your comments. Only people convinced e2e will benifit their
> daily life and get better results, will drop their indirect communication
> services which they live with. Then the need for IPv6 becomes common
> consensus of all
On Wed, Nov 28, 2001 at 12:34:04AM -0800, Steve Deering wrote:
> At 10:08 AM +0530 11/28/01, Jagan wrote:
> >The Hop limit in IPv6 hdr is decrimented by every intermediate node in
> >the journey of the packet. Does it mean the packet can only tranverse
> >through 256 intermediate nodes ( 2^8 )?
>
On Fri, Sep 20, 2002 at 03:31:12PM +0800, Wang Hui wrote:
> Hi, folks here,
>
> Yesterday, our campus network was attacked by the Nimda worms, and the worm invoked
>tons of rubish network traffic as a result that our campus network got broken. No
>one can enjoy the Internet any longer. ALl t
On Sat, Sep 01, 2001 at 07:53:26PM +0300, Pekka Savola wrote:
> On Sat, 1 Sep 2001, Francis Dupont wrote:
> > In your previous mail you wrote:
> >
> >RFC2460 (The IPv6 Spec) assumes that all _nodes_ (note not routers)
> >forward source routed packets.
> >
> > => this is not true, hosts ar
On Wed, Aug 22, 2001 at 08:12:54AM -0700, MANDAVILLI,SWAMY J (HP-FtCollins,ex1) wrote:
> Hi!
>
>Are there any differences between IPv6 networks
>and IPv4 networks with respect to Layer II
>(i.e., vlans etc.)?
not really (other than the protocol type value in the Layer II header).
On Mon, Aug 27, 2001 at 09:41:37PM +0900, Jun-ichiro itojun Hagino wrote:
> >> There are two kind of "anycast" proposed and operated for IPv4 - One is
> >> RFC1546 [Partridge, 1993] anycast. Another is what we call "BGP anycast"
> >> in this document; this is for replicating unicast servers by BG
On Tue, Jul 24, 2001 at 11:09:23AM -0400, Kastenholz, Frank wrote:
> At 04:27 AM 7/24/01 -0400, Ignatios Souvatzis wrote:
>
> >On Tue, Jul 24, 2001 at 04:42:37PM +1200, Sean Lin wrote:
> >
> >> As we all know, there's no ipv6 header checksum field. Therefo
On Tue, Jul 24, 2001 at 04:42:37PM +1200, Sean Lin wrote:
> As we all know, there's no ipv6 header checksum field. Therefore,
> for routers forwarding packets, the checksum of ipv6 packets cannot be
> calculated? Which means that ipv6 routers will generally have a faster
> throughput compared
On Tue, Jun 05, 2001 at 09:08:50PM -0700, Sreeram Vankadari wrote:
> True, but not all the L2 protocols support fragmentation.
> Ethernet 802.3 ARPA, LLC etc.. don't support fragmentation.
Yes, but their MTU is bigger than 1280 bytes.
-is
PGP signature
On Tue, Jun 05, 2001 at 10:05:51PM +0200, JORDI PALET MARTINEZ wrote:
> In the other way, if this happens, the fragmentation will be carried
> out at the link layer, if I'm not wrong ?
Yes, that is required of link layers with limits. E.g., an ARCnet driver
will use the ARCnet packet header stan
On Wed, May 16, 2001 at 12:51:59PM -0500, JIM FLEMING wrote:
>
> You might have missed this...
> Time for a celebrationit's OVER
> ...good-bye [...] and IPv6 allocations...
please excuse if this sounds rude, but ...
did you READ the press release you forwarded to this list?
On Fri, May 11, 2001 at 10:26:15AM +0200, Erik Nordmark wrote:
> Anything else, e.g. taking a packet with IP+TCP and making it
> IP+rthdr+TCP, breaks Path MTU discovery and
> would cause problems
would be detected/cause rejection of the packet
> if AH was used.
-is
PGP signature
On Tue, May 08, 2001 at 02:10:06AM -0700, David Terrell wrote:
> >that would hurt the native users more than the 6to4 users. It would
> >instead require action on the v4 backbone to block the encapsulated
> >6to4 traffic, and that might raise some eyebrows.
>
> Simply shutting down the 6to4 tran
On Sat, May 05, 2001 at 02:48:56AM +0900, [EMAIL PROTECTED] wrote:
> >Isn't BSD's single routing table (common for all interfaces) conflicting
> >with the conceptual model of ND with more or less independent interfaces
> >with no routing table for a host implementation but more simple things
> >su
On Tue, Apr 24, 2001 at 03:49:06PM +, Linda Olofsson Hoff wrote:
> My name is Linda and I am writing a thesis about IPv6 and I am wondering
> if you've made some investigation/estimation about when we are out of IPv4
> addresses?
>
> Magazines report different numbers but do not tell why and
On Fri, Feb 09, 2001 at 01:08:17AM -0800, nilesh modi wrote:
> Does linux redhat support ipv6 address ?
>
>
> When i tried to give my network card the ipv6 address
> , it gave me the error that INET6 not supported .
>
>
> Please guide.
I have no idea myself, but there are links to a few IPv6
On Wed, Feb 07, 2001 at 08:56:16AM -, D. J. Bernstein wrote:
> I recommend that the A6 and DNAME proposals be terminated. I've set up a
> web page on this topic:
>
>http://cr.yp.to/djbdns/killa6.html
Yes, read, and understood.
How is the example you show different from what is warned ag
On Thu, Jan 18, 2001 at 09:13:40AM -, D. J. Bernstein wrote:
This doesn't invalidate your original point, but I disagree with this:
> A recent bind-users report pointed out that BIND 8 can't find the IPv4
> address of www.monty.de, even though the monty.de configuration is valid
> and the re
On Wed, Jan 17, 2001 at 10:35:20AM +, Emanuel Monticelli wrote:
> Is there any stack that can incapsulate ipv4 in ipv6 packet, making ipv4
> connection over an ipv6 network ?
The KAME stack (e.g., as distributed with NetBSD 1.5 or later or
FreeBSD) can do this... the "gif" virtual network de
On Tue, Dec 19, 2000 at 05:49:58PM -0500, Radha Gowda wrote:
> Are there any commercially available "IPv6 core and extensions"
> implementations in the market? If not, anyone with plans to make them
> available sometime next year?
Excerpts from the ipv6.org listings:
AIX 4.3 ships with an IPv6
On Wed, Nov 29, 2000 at 03:28:56PM -0600, Brian E Carpenter wrote:
> We would have to evaluate the risk (which I guess is traffic analysis)
> versus the benefit (ability to provide QOS). That sounds like a
> user decision to me.
Of course.
Which is, why I think intermediate routers will have to
On Wed, Nov 29, 2000 at 01:40:01PM -0600, Brian E Carpenter wrote:
> OK, I understand. However I would really like to find a solution
> that works for ESP packets.
The basic idea about ESP is that we do not want to leak information.
Putting port of it into the flow label is therefore not what w
On Mon, Nov 27, 2000 at 09:19:32AM -0500, Brian Haberman wrote:
> > Title : Automatic Prefix Delegation Protocol for Internet
> > Protocol Version 6 (IPv6)
> > Author(s) : B. Haberman, J. Martin
> > Filename: draft-haberman-
On Fri, Nov 17, 2000 at 06:59:03AM -0500, [EMAIL PROTECTED] wrote:
> Therefore, IPv6 MUST be implemented in hardware, and MUST forward at line
> rates
> (ALL future line rates!) with layer 4 QoS, ACLs, and all the other goodies
> that we dream up at the same time.
I'm wondering:
- Are you als
On Mon, Oct 23, 2000 at 05:53:22PM +0530, Niveda Monyvannan wrote:
> IPv6 specs says that 'IPv6 router should take receive the
> packet destined to Subnet anycast address and the Subnet anycast address
> is nothing but the subnet prefix + interface ID as 0'
No, it does not, at least t
On Thu, Sep 21, 2000 at 05:32:30PM -0400, Okoziem Allen wrote:
> I am curious to know if there is any work currently being done with
> applications (TFTP, Telnet, FTP, Ping, Traceroute, etc )
On my favourite OS, telnet, ftp, ping and traceroute work.
I never tried tftp...
> with regards IPv6?
On Thu, Sep 14, 2000 at 08:56:19PM +0200, Joris Dobbelsteen wrote:
> I've read the drafts about NAT (finally),
>
> As Dan said, NAT will be used, what is not a problem if it's only - AND
> ONLY - used by home users that want to route there network to the Internet
> and have a simple (free) Intern
On Sat, Jul 08, 2000 at 04:00:43AM +1000, Robert Elz wrote:
> Date:Fri, 7 Jul 2000 18:57:50 +0200
> From: Ignatios Souvatzis <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
>
> This is a non-issue, because we're not doing
On Fri, Jul 07, 2000 at 07:04:47PM +0200, [EMAIL PROTECTED] wrote:
> On Sat, 8 Jul 2000, Robert Elz wrote:
>
> >| But that's where the /35 "pressure" applies because if (say) UKERNA wanted
> >| to offer a /40 to each University
> >
> > Why would i want to do that? /48 to everyone is what shou
On Fri, Jul 07, 2000 at 05:25:08PM +0100, Tim Chown wrote:
> On Fri, 7 Jul 2000, Steve Deering wrote:
>
> > /48 was intended to be the *minimum* allocation to a subscriber's site, not
> > the *maximum*. Those exceptional subscribers for whom a /48 is too small
> > are free to request larger bloc
On Sat, Jul 08, 2000 at 02:15:57AM +1000, Robert Elz wrote:
> Except that IEEE has created 64 bit MAC identifiers for use by its
> new protocols, and /80 would kill easy autoconf.
Of course.
> For sure, /80
> (even /96) leaves way too many addresses for any conceivable subnet
> to ever use them
On Fri, Jun 30, 2000 at 11:25:36AM -0400, Scott Bradner wrote:
>
> if the only thing the redirector does is forward out a special port to
> a particular server (or tunnel to the server) and all the servers
> are running as if they are using the same IP address this should work - but
> many redire
56 matches
Mail list logo