Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]

From: Stig Venaas (Stig.Venaas_at_no.spam)
Date: Tue Mar 19 2002 - 08:51:39 PST

• Next message: Stig Venaas: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• Previous message: Octavio Medina: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• In reply to: Pekka Savola: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• Next in thread: Octavio Medina: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, Mar 19, 2002 at 06:39:09PM +0200, Pekka Savola wrote:
> One way to restrict the others from misbehaving nodes would be to install
> a firewall policy in TEP which discards packets with invalid port ranges.

The effect would be similar to stealing someones IPv4 address. In general
the TEP should discard packets with invalid IPv4 source addresses (by
checking that the IPv4 address was given to the host with the IPv6 source
address used). Using ports it seems reasonable to also filter on ports.

I agree that there might be issues, and that an implementation would be
good...

Stig

• Next message: Stig Venaas: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• Previous message: Octavio Medina: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• In reply to: Pekka Savola: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• Next in thread: Octavio Medina: "Re: DSTM-ports Considered Harmful [Re: (ngtrans) final ngtransagendaforIETF-53 in Minneapolis]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Fri Oct 06 2006 - 00:00:31 PDT