Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread Manish Karir
> -- > > Date: Fri, 31 Dec 2004 17:32:24 + (GMT Standard Time) > From: Sam Stickland <[EMAIL PROTECTED]> > Subject: IPv6, IPSEC and deep packet inspection > > Since IPSEC is an integral part of IPv6 won't this have an effect on the > deep packet inspection firewall

Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread bmanning
On Sat, Jan 01, 2005 at 10:09:24PM -0500, Sean Donelan wrote: > > That depends very much on what is being reached. Would it be reasonable > > for a.gtld-servers.net and b.gtld-servers.net to start silently > > blocking v6 datagrams on a whim? > > There are *.root-servers.net (or the networks they

Re: BGP 011: multiple sessions with upstreams

2005-01-01 Thread Christopher L. Morrow
On Sat, 1 Jan 2005, Joe Abley wrote: > On 31 Dec 2004, at 11:01, Edward B. Dreger wrote: > > Am I missing something? > > For your provider, supporting pur-laine, standard-configuration > customers is cheaper than supporting customers where each has their own > special-case setup. Supporting a netw

Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread Sean Donelan
> That depends very much on what is being reached. Would it be reasonable > for a.gtld-servers.net and b.gtld-servers.net to start silently > blocking v6 datagrams on a whim? There are *.root-servers.net (or the networks they're behind) which have/do block v4 datagrams on a whim, political winds,

Re: IPv6, IPSEC and DoS

2005-01-01 Thread Valdis . Kletnieks
On Sat, 01 Jan 2005 12:16:02 +0100, Iljitsch van Beijnum said: > No, that list is just a starting point for the discussion. A lot of > stuff in the list doesn't amount to anything. (For instance, there is > no ARP in IPv6.) Yeah, ARP is basically one machine yelling "Who has this IP?" and anoth

Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread Kevin Oberman
> From: "Stephen Sprunk" <[EMAIL PROTECTED]> > Date: Fri, 31 Dec 2004 22:42:17 -0600 > Sender: [EMAIL PROTECTED] > > > Thus spake <[EMAIL PROTECTED]> > > > > as one who has been "bit" by this already - i can say amen to > > what Rob preacheth... the hardest part is getting folks up to > > speed

Re: IPv6, IPSEC and DoS

2005-01-01 Thread Rob Thomas
Hi, NANOGers. ] But as long as people get to sniff your packets, you're dead in the ] water unless you use IPsec. The same is often said about SSL for web transactions. This is why keystroke loggers are so popular in bots and other malware. The point is that folks shouldn't assume that encrypted

Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread Nicolas FISCHBACH
Hank Nussbacher wrote: Try the Networkers 2004 IPv6 security session (SEC-A01) from 3 weeks ago. Abstract: Problem is to get to the PDF you need authorization: https://www28.cplan.com/cbc_export/PS_SEC-A01_268410_76-1_FIN_v1.pdf Go to: http://www.cisco.com/global/EMEA/networkers/post_event_resource

Re: Anycast 101

2005-01-01 Thread Paul Vixie
> i've also been thinking that AXFR's known incoherency could be reduced > by using some kind of in-band embargo that would bring a new zone > version online synchronously on servers supporting this feature and > configured to enable it for a particular zone. > > Or a different storage

Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread Hank Nussbacher
On Fri, 31 Dec 2004, Stephen Sprunk wrote: > Are there any layman-readable presentations or whitepapers out there that > discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL > tuning might be different? Try the Networkers 2004 IPv6 security session (SEC-A01) from 3 weeks ago. A

Re: BGP 011: multiple sessions with upstreams

2005-01-01 Thread Joe Abley
On 31 Dec 2004, at 11:01, Edward B. Dreger wrote: I'm trying to persuade them that two provider/customer BGP sessions is a good thing, The obvious reason for this might be explained along the lines of "your router can reach two of our routers. We'd like a BGP session to each so that we can take

Re: IPv6, IPSEC and deep packet inspection

2005-01-01 Thread Joe Abley
On 31 Dec 2004, at 23:42, Stephen Sprunk wrote: The thing about that is that, if IPv6 is identified as the channel, it's still quite possible to shut down IPv6 connectivity until you figure out how to fix things. After all, there's nothing significant out there yet on v6 that can't be reached

Re: IPv6, IPSEC and DoS

2005-01-01 Thread Iljitsch van Beijnum
On 1-jan-05, at 2:22, J. Oquendo wrote: Supposedly the vulns associated with IPv6 are: reconnaissance, unauth'd access, layers 3-4 spoofing, ARP and DHCP attacks, smurfs, routing attacks, viruses and worms, translations, transitions, and tunneling mechanisms. According to Sean Covery's IPv6 Securit