ZhangDong wrote:
> Dear Marcelo,
>
> You changed fcfs only for IPv6.
> Then what about IPv4?
>
i think the idea is to use dhcp based solution in ipv4, since there is no stateless autoconf in ipv4

> I'm sorry for missing some discussion in ml perhaps.
>
>
> Dong Zhang
>
>
> ----- Original Message -----
> From: marcelo bagnulo braun <marcelo at it.uc3m.es>
> Date: Friday, March 13, 2009, 5:56 PM
> Subject: Re: A query and a kind of potential attack in draft-bagnulo-savi-fcfs-01
> To: ZhangDong <zhangdong_rh at huaweisymantec.com>
> Cc: SAVI Mailing List <savi at ietf.org>
>
>> Hi Zhang,
>>
>> thanks for your comments.
>>
>> please note that there is a new version of the draft
>> http://www.ietf.org/internet-drafts/draft-ietf-savi-fcfs-01.txt
>> this has important modifications from the version you reviewed.
>> Especially, it only covers IPv6
>>
>> ZhangDong wrote:
>> > Hi Marcelo,
>> >
>> > You mentioned special cases in section 2.4 in fcfs-01. One of the special cases is
>> >    o Anycast i.e. multiple hosts using the same source address to send packets.
>> > I am puzzled. As described in RFC2460:
>> >    o An anycast address must not be used as the source address of an
>> >      IPv6 packet.
>> >
>> >    o An anycast address must not be assigned to an IPv6 host, that is,
>> >      it may be assigned to an IPv6 router only.
>> > How does the case that multiple hosts using the same source address to send packets happen?
>> >
>> AFAIU, irrespectively whatever the RFC says, anycast is widely used in
>> IPv4 in particular in dns servers (especially root and tld servers)
>>
>> > In fcfs-01, the word "anycast" means the case that multiple link-layer addresses (such as MAC) use one IP address?
>> >
>> >
>> well, anycast means that multiple hosts use the same IP address
>>
>> > The section 3.3.1 ARP-based Neighbor Unreachability Detection procedure in fcfs-01 designs a mechanism of NUD based on arp.
>> This section is no longer available in the new version, please check if
>> your concern is valid for the IPv6 version only
>>
>> regards, marcelo
>>
>>
>> > The savi device sends an ARP REQUEST packet as the NUD message. Suppose that an attacker has initiated arp cheating. The attacker responds to the arp request which is the NUD message. In this case, when the user really changes another IP address with the same MAC, because of the NUD response of the attacker, the binding of IP and MAC in savi device will not be updated. And then, the packets sent by the new IP address of the user will be discarded by savi device.
>> >
>> > Will this problem happen? Do I have a misunderstanding?
>> >
>> > Thank you very much.
>> >
>> >
>> > Dong Zhang
>> >