Re: RE : [midcom] More on new work item
Quoting Jonathan Rosenberg <jdrosen@dynamicsoft.com>:
>
>
> Joel Tran wrote:
>
> > Jonathan Rosenberg, you raised a good point.
> >
> > There are however some ISPs that are deploying NAT/Firewall (i.e. China,
> > Europe, Africa). In such a case, DHCP might be useful. The ISP might do some
> > load balancing. Thus, the DHCP method will provide a means for the ISP to
> > configure dynamically third-end party devices. As for the security
> > information, this might be entered by the user to the third-end party device
> > (ex: same id/password as for the ADSL authentication).
>
> There is a serious trust issue here. Is the ISP really going to issue a
> username and password to every user of their network, entrusting them
> with permissions to use midcom to manage port bindings on their
> network-wide NAT?? I certainly hope not. That's an open invitation for
> substantial denial of service attacks.
>
> -Jonathan R.
Correct me if I'm wrong. I don't think it is an open invitation for a DoS attack
if there is a proper Access Control List/Policy Rule in the Midcom device which
may limit the use of the port bindings for each user.
...J
_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom