[26836] in bugtraq


Re: IPv4 mapped address considered harmful

daemon@ATHENA.MIT.EDU (Mark Tinberg)
Tue Aug 27 15:21:38 2002

Date: Thu, 22 Aug 2002 19:31:55 -0500 (CDT)
From: Mark Tinberg <tinberg@securepipe.com>
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
In-Reply-To: <20020822161840.B94107BA@starfruit.itojun.org>
Message-ID: <Pine.LNX.4.44.0208221922590.3939-100000@tinberg.wi.securepipe.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 23 Aug 2002, Jun-ichiro itojun Hagino wrote:
> 
>                  IPv4 mapped address considered harmful
>                draft-itojun-v6ops-v4mapped-harmful-00.txt
> 

[snip]

I'm not sure that I agree with your analysis.  The security implications 
of IPv4-in-IPv6 addressing are no different than IPv4 addressing today.  
Rolling out IPv6 will not remove the need for packet filtering routers 
and firewalls.  One can currently send IPv4 packets with the source 
address set to 127.0.0.1 or 255.255.255.255 with undesirable effects; 
these packets should be blocked at your border and not allowed into your 
network, the same with :ffff::127:0:0:1.

No change to the IPv6 protocol or network stacks is required; one only 
needs to maintain existing best practices by using simple packet filtering 
devices.

-- 
Mark Tinberg <MTinberg@securepipe.com>
Network Security Engineer, SecurePipe Inc.
Remember:  Wherever you go, there you are!
Key fingerprint = AF6B 0294 EE33 D802 F7A1  38A4 CF52 5FE0 7470 E5F7

	Your daily fortune . . . 

"No self-respecting fish would want to be wrapped in that kind of paper."
		-- Mike Royko on the Chicago Sun-Times after it was
		   taken over by Rupert Murdoch
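
The filtering argument in the message above, as an added example that is not part of the original post: a border check that unwraps an IPv4-mapped IPv6 source (written in the RFC 4291 form `::ffff:a.b.c.d`) and applies the same source-address policy used for native IPv4. The function names, the sample addresses, and the blocked ranges beyond the two addresses named in the post are assumptions made for illustration.

```python
import ipaddress

# Sources that must never arrive from outside. The post names 127.0.0.1 and
# 255.255.255.255; covering all of 127.0.0.0/8 and 0.0.0.0/8 is an assumption.
BLOCKED_V4 = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "255.255.255.255/32", "0.0.0.0/8")]
BLOCKED_V6 = [ipaddress.ip_network(n) for n in ("::1/128", "::/128")]


def effective_source(src):
    """Parse src and unwrap an IPv4-mapped IPv6 address to its IPv4 form."""
    addr = ipaddress.ip_address(src)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def border_verdict(src):
    """Return 'drop' or 'accept' for a source address seen at the border."""
    try:
        addr = effective_source(src)
    except ValueError:
        return "drop"  # unparseable source: fail closed
    blocked = BLOCKED_V4 if addr.version == 4 else BLOCKED_V6
    return "drop" if any(addr in net for net in blocked) else "accept"


# Constructed sample sources (documentation ranges for the benign ones).
SAMPLES = ["127.0.0.1", "::ffff:127.0.0.1", "::ffff:7f00:1",
           "::ffff:255.255.255.255", "::ffff:192.0.2.10",
           "2001:db8::1", "::1", "not-an-address"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:26} {border_verdict(s)}")
```

The hex spelling `::ffff:7f00:1` is the same address as `::ffff:127.0.0.1`, which is why the check compares parsed addresses rather than strings.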

