ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02

2011-02-02 19:05:42
from [Fernando Gont] [Permanent Link] 
On 02/02/2011 02:38 p.m., Joe Touch wrote:


?INT? This section is, IMO, odd; IP address never meant physical
location anyway, and tunnels obviate that meaning regardless of the
impact of NATs or other sharing techniques.


Agreed. But geo-location is nevertheless widely used for marketing
purposes.


Agreed, but whether it works now is arbitrary; it's not a design
consideration of the protocols.


Well, the protocols were not designed for production networks, either.
FWIW, geo-location is currently used, and it would be affected by
increased used of NATs.



At the least, it's worth noting that geolocation is already broken by
tunnels, and that IP addressing does not ensure geographic proximity
before attributing breakage on NATs or other sharing.


Tunnels need not break geo-location. -- They do not masquerade the
source address. Or am I missing something?

And, FWIW, I agree that usually lots of breakage is attributed to NATs,
where the brokeness is really somewhere else (e.g., app protocols
passing IP addresses).



13.4.  Port Randomisation

...

    It should be noted that guessing the port information may not be
    sufficient to carry out a successful blind attack.   The exact TCP
    Sequence Number (SN) should also be known.


There are data injection attacks that are possible even without knowing
the exact SN.


draft-ietf-tcpm-tcp-security may be of use here.


rfc5961 is already published and describes the issue in specific, and
may be more useful as a reference for this.


I disagree. It discusses only TCP-based attacks (there are many other
vectors). If you want an alternative "published" reference, here it is:
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf

However, it's up to the authors to include this or other references -- I
just noted the tcp assessment doc for completeness sake.

Thanks,
-- 
Fernando Gont
e-mail: fernando(_at_)gont(_dot_)com(_dot_)ar || fgont(_at_)acm(_dot_)org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02, Joe Touch
Next by Date:  Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02, Joe Touch
Previous by Thread:  Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02, Joe Touch
Next by Thread:  Re: TSVDIR review of draft-ietf-intarea-shared-addressing-issues-02, Joe Touch
Indexes:  [Date] [Thread] [Top] [All Lists]