From jari.arkko@lmf.ericsson.se Mon Dec 2 03:14:48 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA07114 for ; Mon, 2 Dec 2002 03:14:47 -0500 (EST) Received: from esealnt612.al.sw.ericsson.se (esealnt612.al.sw.ericsson.se [153.88.254.71]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB28H4KV011296; Mon, 2 Dec 2002 09:17:04 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt612.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCS3GK8; Mon, 2 Dec 2002 09:17:04 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB28H2Z10583; Mon, 2 Dec 2002 09:17:03 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id JAA10561; Mon, 2 Dec 2002 09:16:18 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id JAA10556 for ; Mon, 2 Dec 2002 09:16:17 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id 6A2AC22; Mon, 2 Dec 2002 10:23:19 +0200 (EET) Message-ID: <3DEB16D6.1030101@nomadiclab.com> Date: Mon, 02 Dec 2002 10:16:22 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021127 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pekka Savola Cc: Bill Sommerfeld , Jari Arkko , ietf-send@standards.ericsson.net Subject: Re: New version of draft-ietf-send-psreq to be posted References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Pekka Savola wrote: > IMO, section 7 of [MAN-SA] is not specific to manual ICMP SA's and should > be removed to either separate draft or here. There might be more, other > generic security discussion there. > > Perhaps Jari might have an opinion? Jari is on vacation this week but I'm sure he'll return to to this issue. >>> 4) it's a bit cornercase whether 4.2.5 could be counted as + in the first >>> case, at least if we assume the DynDNS vulnerability to be possible? >> >> I agree that this is a borderline case. On the other hand, I'd like >> to see a genuine host-zeroconf design for the corporate intranet case. >> That is, I'd like to make it possible to plug in a host to a corporate >> intranet without any configuration (just as today), and let it work >> securely even in the case that another host is compromised *later*. >> I'm not sure if we can easily protect against this without any host >> config. > > Agree -- I really don't have ideas how to deal with this case. IMO, nodes > should not just blindly register addresses, but whether they do it (like > that) is another issue. Perhaps another footnote.. Added this footnote: 2) The bogus DNS registration resulting from blindly registering the new address via DynDNS is not considered an ND security issue here. However, it should be noted as a possible vulnerability in implementations. --Pekka -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 2 14:56:19 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07031 for ; Mon, 2 Dec 2002 14:56:19 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB2JwjKV022023; Mon, 2 Dec 2002 20:58:45 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCYQSWL; Mon, 2 Dec 2002 20:58:45 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB2Jwj227758; Mon, 2 Dec 2002 20:58:45 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id UAA23433; Mon, 2 Dec 2002 20:58:19 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from ok61043.com ([217.78.76.157]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id UAA23426 for ; Mon, 2 Dec 2002 20:58:06 +0100 (MET) Message-Id: <200212021958.UAA23426@prdxweb.sw.ericsson.se> From: "James Irabor" Reply-To: jamesirabor@ecplaza.net Date: Mon, 2 Dec 2002 20:57:31 +0100 Subject: SEEKING INVESTMENT OPPORTUNITIE X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by prdxweb.sw.ericsson.se id UAA23430 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 8bit CONSOLIDATED FINANCE INC 82a. BRICKFIELD ROAD EBUTE-METTA WEST LAGOS-NIGERIA ATTN: THE MANAGING DIRECTOR RE: SEEKING INVESTMENT OPPORTUNITIE ATTN:THE CHIEF EXECUTIVE OFFICER WE ARE A FUND MANAGEMENT COMPANY AND ALSO ESTATE BROKERS BASED HERE IN WEST AFICA,AND ARE IN OPEREATION THROUGHOUT THE 36 STATES OF THE FEDERATION FOR OVER THIRTY YEARS.OUR COMPANY IS REGISTERED UNDER THE FEDERAL REPUBLIC OF NIGERIA. WE ARE INTERESTED IN INVESTING IN PROPERTIES IN EUROPE,ASIA AND AMERICA.WE ARE PREPARED TO INVEST UP TO THE TUNE OF SIXTY MILLION DOLLARS {60,000,000$USD.} IN REAL ESTATE,BUYING AND SELLING OF PROPERTIES OR ANY OTHER SOUND INVESTMENT IDEA.WE ARE ALSO INTERESTED IN BUYING OF STOCKS, SHARES AND JOINT PARTNERSHIP WITH SOLVENT BLUE CHIP COMPANIES IN EUROPE ASIA OR AMERICA.WE ARE PATICULARLY INTERESTED IN THESE COUNTRIES BECAUSE OF THEIR SOUND ECONOMIC SYSTEM.WE ALSO SEEK GOOD INVESTMENT TIPS AND BUSINESS OPPURTUNITY THAT WILL YEILD US A GOOD YEARLY TURNOVER.A 3% COMMISSION HAS BEEN EARMARKED FOR THIS FORM OF ASSISTANCE. WE ALSO OFFER LOANS WORLDWIDE NO SECURITY NEEDED.OUR PRINCIPAL FUNCTION IS TO FINANCE ANY VIABLE INTERNATIONAL AND DOMESTIC PROJECT THAT MAY HAVE HAD A DIFFICULT TIME IN THE PAST OR LACK SUFFICIENT COLLATERAL SUCH AS BANK GUARANTEES, BUT HAVE MERIT WORTHY PROJECTS.PLEASE NOTE THAT WE WILL ENTERTAIN ONLY VERY SERIOUS OFFERS. PLEASE NOTE THAT WE DONOT OWN FUNDS RATHER WE MANAGE FUNDS ON BEHALF OF INDIVIDUALS WHO ARE PARTICURLARLY INTERESTED IN KEEPING THE WHOLE AFFAIR CONFIDENTIAL FOR FURTHER ENQUIRIES KINDLY GET ACROSS TO ME BY TEL/FAX OF OUR LONDON OFFICE +448701398816 E-MAIL jaymes@ecplaza.net THANK YOU IN ANTICIPATION FOR YOUR PROMPT RESPONSE BEST REGARDS, Yours Sincerely, James Irabor Dr. N.B: I have not display your e-mail address due to the need for confidentiality -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 2 20:48:57 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA21344 for ; Mon, 2 Dec 2002 20:48:57 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB31pKQ1013500; Tue, 3 Dec 2002 02:51:20 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCYRRWD; Tue, 3 Dec 2002 02:51:20 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB31pJ204659; Tue, 3 Dec 2002 02:51:19 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id CAA13865; Tue, 3 Dec 2002 02:50:54 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from kathmandu.sun.com (kathmandu.sun.com [192.18.98.36]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id CAA13861 for ; Tue, 3 Dec 2002 02:50:53 +0100 (MET) Received: from eastmail2bur.East.Sun.COM ([129.148.13.40]) by kathmandu.sun.com (8.9.3+Sun/8.9.3) with ESMTP id SAA15148; Mon, 2 Dec 2002 18:50:49 -0700 (MST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB31omig023755; Mon, 2 Dec 2002 20:50:48 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB31omMf020608; Mon, 2 Dec 2002 20:50:48 -0500 (EST) Message-Id: <200212030150.gB31omMf020608@thunk.east.sun.com> From: Bill Sommerfeld To: "Alper E. YEGIN" cc: "Pekka Nikander" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: Your message of "Sat, 30 Nov 2002 13:06:01 PST." <005201c298b4$4b0291b0$096015ac@AlperVAIO> Reply-to: sommerfeld@east.sun.com Date: Mon, 02 Dec 2002 20:50:48 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk > Being the one who proposed the threat in the draft, > I have to admit, it's a different beast than the other ones. > A possible solution is to rely on a complete table of > IPv6 addresses used on a link on the access routers (i.e, > like a neighbor table instead of a neighbor cache). You should probably rate-limit neighbor solicitations to previously-unseen neighbors (multicast is effectively broadcast on some links). This is also pretty similar to the SYN flood problem, and the engineering solution which worked well for SYN floods should also work here: do something more clever than tail drop when the cache is full. Hosts should worry about this problem as well. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 2 21:00:30 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21812 for ; Mon, 2 Dec 2002 21:00:29 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB322xKV020178; Tue, 3 Dec 2002 03:02:59 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDY4VRA; Tue, 3 Dec 2002 03:02:59 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB322w204902; Tue, 3 Dec 2002 03:02:58 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id DAA15689; Tue, 3 Dec 2002 03:02:46 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id DAA15685 for ; Tue, 3 Dec 2002 03:02:44 +0100 (MET) Received: from eastmail2bur.East.Sun.COM ([129.148.13.40]) by nwkea-mail-2.sun.com (8.9.3+Sun/8.9.3) with ESMTP id SAA20526; Mon, 2 Dec 2002 18:02:29 -0800 (PST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB322Sig024876; Mon, 2 Dec 2002 21:02:28 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB322SMf021159; Mon, 2 Dec 2002 21:02:28 -0500 (EST) Message-Id: <200212030202.gB322SMf021159@thunk.east.sun.com> From: Bill Sommerfeld To: Pekka Nikander cc: Pekka Savola , Bill Sommerfeld , Jari Arkko , ietf-send@standards.ericsson.net Subject: Re: New version of draft-ietf-send-psreq to be posted In-Reply-To: Your message of "Mon, 02 Dec 2002 10:16:22 +0200." <3DEB16D6.1030101@nomadiclab.com> Reply-to: sommerfeld@east.sun.com Date: Mon, 02 Dec 2002 21:02:28 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk I'll go through the draft a bit more thoroughly tomorrow, but.. > 2) The bogus DNS registration resulting from blindly registering > the new address via DynDNS is not considered an ND security > issue here. However, it should be noted as a possible > vulnerability in implementations. it's worth noting that, assuming that DynDNS is being used by a mobile system, the bogus DynDNS registration is "self healing" once the mobile system connects to a different network and re-registers. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 2 21:14:13 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA22142 for ; Mon, 2 Dec 2002 21:14:12 -0500 (EST) Received: from esealnt612.al.sw.ericsson.se (esealnt612.al.sw.ericsson.se [153.88.254.71]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB32GgKV021870; Tue, 3 Dec 2002 03:16:42 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt612.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCSVFNV; Tue, 3 Dec 2002 03:16:42 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB32GfZ16594; Tue, 3 Dec 2002 03:16:41 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id DAA17450; Tue, 3 Dec 2002 03:16:18 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from fridge.docomolabs-usa.com (key1.docomolabs-usa.com [216.98.102.225]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id DAA17446 for ; Tue, 3 Dec 2002 03:16:16 +0100 (MET) Message-ID: <001701c29a71$bc0177f0$7a6015ac@AlperVAIO> From: "Alper E. YEGIN" To: Cc: "Pekka Nikander" , References: <200212030150.gB31omMf020608@thunk.east.sun.com> Subject: Re: Should SEND deal with Remote ND DoS attack ? Date: Mon, 2 Dec 2002 18:14:37 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit > > Being the one who proposed the threat in the draft, > > I have to admit, it's a different beast than the other ones. > > A possible solution is to rely on a complete table of > > IPv6 addresses used on a link on the access routers (i.e, > > like a neighbor table instead of a neighbor cache). > > You should probably rate-limit neighbor solicitations to > previously-unseen neighbors (multicast is effectively broadcast on > some links). > > This is also pretty similar to the SYN flood problem, and the > engineering solution which worked well for SYN floods should also work > here: do something more clever than tail drop when the cache is full. Attack can be taxing both on the limited neighbor cache of the router and on the limited bandwidth resources. (broadcast is effectively one unicast per host on some links). > Hosts should worry about this problem as well. I didn't get this part. If this host is not routing, why does it have to resolve arbitrary IP addresses? (unless it's being abused by an application attempting to send packets to arbitrary on-link destinations) alper -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 2 22:02:44 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA23485 for ; Mon, 2 Dec 2002 22:02:44 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB335BKV026135; Tue, 3 Dec 2002 04:05:11 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCYR5FQ; Tue, 3 Dec 2002 04:05:11 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB335AZ17600; Tue, 3 Dec 2002 04:05:10 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id EAA23407; Tue, 3 Dec 2002 04:04:45 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id EAA23403 for ; Tue, 3 Dec 2002 04:04:44 +0100 (MET) Received: from eastmail2bur.East.Sun.COM ([129.148.13.40]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id UAA06741; Mon, 2 Dec 2002 20:04:39 -0700 (MST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB334dig001105; Mon, 2 Dec 2002 22:04:39 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB334dMf021623; Mon, 2 Dec 2002 22:04:39 -0500 (EST) Message-Id: <200212030304.gB334dMf021623@thunk.east.sun.com> From: Bill Sommerfeld To: "Alper E. YEGIN" cc: sommerfeld@east.sun.com, "Pekka Nikander" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: Your message of "Mon, 02 Dec 2002 18:14:37 PST." <001701c29a71$bc0177f0$7a6015ac@AlperVAIO> Reply-to: sommerfeld@east.sun.com Date: Mon, 02 Dec 2002 22:04:39 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk > (unless it's being abused by an application attempting > to send packets to arbitrary on-link destinations) Bingo. And in many cases I suspect it's very easy to trigger that sort of thing. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 02:37:28 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA10244 for ; Tue, 3 Dec 2002 02:37:28 -0500 (EST) Received: from esealnt612.al.sw.ericsson.se (esealnt612.al.sw.ericsson.se [153.88.254.71]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB37dnQ1011123; Tue, 3 Dec 2002 08:39:49 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt612.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCSWNQA; Tue, 3 Dec 2002 08:39:49 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB37dn212023; Tue, 3 Dec 2002 08:39:49 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id IAA18458; Tue, 3 Dec 2002 08:39:18 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id IAA18454 for ; Tue, 3 Dec 2002 08:39:17 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id 360A71C; Tue, 3 Dec 2002 09:46:19 +0200 (EET) Message-ID: <3DEC5FA5.7080803@nomadiclab.com> Date: Tue, 03 Dec 2002 09:39:17 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021127 X-Accept-Language: en-us, en MIME-Version: 1.0 To: sommerfeld@east.sun.com Cc: Pekka Savola , Jari Arkko , ietf-send@standards.ericsson.net Subject: Re: New version of draft-ietf-send-psreq to be posted References: <200212030202.gB322SMf021159@thunk.east.sun.com> In-Reply-To: <200212030202.gB322SMf021159@thunk.east.sun.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Bill Sommerfeld wrote: > I'll go through the draft a bit more thoroughly tomorrow, but.. I'm looking forward to your more thorough comments. If possible, I'd like to get the draft into WG LC later this week or early next week. >> 2) The bogus DNS registration resulting from blindly registering >> the new address via DynDNS is not considered an ND security >> issue here. However, it should be noted as a possible >> vulnerability in implementations. > > it's worth noting that, assuming that DynDNS is being used by a mobile > system, the bogus DynDNS registration is "self healing" once the > mobile system connects to a different network and re-registers. Well, it appears to be hard to write this done in a concise form. For example, hosts using MIPv6 are probably not supposed to register their care-of-addresses. I'd rather leave the text as it is. If you want it to be changed, please propose exact text. --Pekka -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 02:46:02 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA10417 for ; Tue, 3 Dec 2002 02:46:01 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB37mMKV000249; Tue, 3 Dec 2002 08:48:22 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCN4XDA; Tue, 3 Dec 2002 08:48:22 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB37mL212240; Tue, 3 Dec 2002 08:48:21 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id IAA20522; Tue, 3 Dec 2002 08:48:12 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id IAA20517 for ; Tue, 3 Dec 2002 08:48:11 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id 327961C; Tue, 3 Dec 2002 09:55:13 +0200 (EET) Message-ID: <3DEC61BB.4050300@nomadiclab.com> Date: Tue, 03 Dec 2002 09:48:11 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021127 X-Accept-Language: en-us, en MIME-Version: 1.0 To: sommerfeld@east.sun.com Cc: "Alper E. YEGIN" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> In-Reply-To: <200212030304.gB334dMf021623@thunk.east.sun.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit I added the following pieces of text to the draft: In a way, this problem is fairly similar to the TCP SYN flooding problem. Rate limitating Neighbor Solicitations, restricting the amount of state reserved for unresolved soliciations, and clever cache management should be applied. It should be noted that both hosts and routers need to worry about this problem. The router case was discussed above. Hosts are also vulnerable since the neighbor discovery process can potentially be abused by an application that is tricked into sending packets to arbitrary on-link destinations. Satisfied? ----- Now back to the process question: 1. Should SEND address this or should we kick this back to IPV6? 2. If SEND should address this, should it be addressed a) in the psreq draft, and eventually in the Informational RFC that results, b) in a separate Standards track draft/RFC? c) somewhere else? --Pekka Nikander -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 10:57:39 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28732 for ; Tue, 3 Dec 2002 10:57:38 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB3FxBQ1029203; Tue, 3 Dec 2002 16:59:11 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YFXDANMC; Tue, 3 Dec 2002 16:59:10 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB3FxA208217; Tue, 3 Dec 2002 16:59:10 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id QAA29644; Tue, 3 Dec 2002 16:58:31 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from ebene.inrialpes.fr (ebene.inrialpes.fr [194.199.18.70]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id QAA29613 for ; Tue, 3 Dec 2002 16:58:29 +0100 (MET) Received: from inrialpes.fr (lalena.inrialpes.fr [194.199.24.114]) by ebene.inrialpes.fr (8.11.6/8.11.6) with ESMTP id gB3FwKM07700; Tue, 3 Dec 2002 16:58:20 +0100 (MET) Message-ID: <3DECD75C.4662C525@inrialpes.fr> Date: Tue, 03 Dec 2002 17:10:04 +0100 From: Pars Mutaf X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: sommerfeld@east.sun.com CC: "Alper E. YEGIN" , Pekka Nikander , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030150.gB31omMf020608@thunk.east.sun.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Bill Sommerfeld wrote: > > Being the one who proposed the threat in the draft, > > I have to admit, it's a different beast than the other ones. > > A possible solution is to rely on a complete table of > > IPv6 addresses used on a link on the access routers (i.e, > > like a neighbor table instead of a neighbor cache). > > You should probably rate-limit neighbor solicitations to > previously-unseen neighbors (multicast is effectively broadcast on > some links). > > This is also pretty similar to the SYN flood problem, and the > engineering solution which worked well for SYN floods should also work > here: do something more clever than tail drop when the cache is full. > There is no engineering solution that worked well for SYN-flooding. Therefore SYN-cookies approach has been proposed and it is used today (although it introduces some other problems, people prefer it). In SYN-cookies, the target takes the advantage of the TCP 3-way handshake to check the attacker's return routability before allocating resources. In ND DoS attack you don't have such a possibility. I think we shouldn't compare this attack with SYN flooding. Both are DoS attacks OK, but the way the attack is mounted and defense possibilities are completety different. pars > > Hosts should worry about this problem as well. > > - Bill > -------------------------------------------------------------------- > To unsubscribe from this list, send email with "UNSUBSCRIBE" in the > body to . > Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html > -------------------------------------------------------------------- -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 11:50:08 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02268 for ; Tue, 3 Dec 2002 11:50:07 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB3GqbQ1008222; Tue, 3 Dec 2002 17:52:37 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCN5AT6; Tue, 3 Dec 2002 17:52:37 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB3Gqb209840; Tue, 3 Dec 2002 17:52:37 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id RAA07336; Tue, 3 Dec 2002 17:52:22 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from ebene.inrialpes.fr (ebene.inrialpes.fr [194.199.18.70]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id RAA07332 for ; Tue, 3 Dec 2002 17:52:21 +0100 (MET) Received: from inrialpes.fr (lalena.inrialpes.fr [194.199.24.114]) by ebene.inrialpes.fr (8.11.6/8.11.6) with ESMTP id gB3GqCM09750; Tue, 3 Dec 2002 17:52:12 +0100 (MET) Message-ID: <3DECE3FC.343470C0@inrialpes.fr> Date: Tue, 03 Dec 2002 18:03:56 +0100 From: Pars Mutaf X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Pekka Nikander CC: sommerfeld@east.sun.com, "Alper E. YEGIN" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Pekka Nikander wrote: > I added the following pieces of text to the draft: > > In a way, this problem is fairly similar to the TCP SYN flooding > problem. Rate limitating Neighbor Solicitations, restricting the > amount of state reserved for unresolved soliciations, and clever > cache management should be applied. > Hello, IMVHO, the above text is misleading. The result of rate limiting Neighbor Solicitations would be buffer overflow or session setup delays. Restricting the amount of state reserved would result in denial-of-service to new legitimate correspondent nodes. So, I don't see how the above text will solve the problem. pars > It should be noted that both hosts and routers need to worry about > this problem. The router case was discussed above. Hosts are also > vulnerable since the neighbor discovery process can potentially be > abused by an application that is tricked into sending packets to > arbitrary on-link destinations. > > Satisfied? > > ----- > > Now back to the process question: > > 1. Should SEND address this or should we kick this back to IPV6? > > 2. If SEND should address this, should it be addressed > a) in the psreq draft, and eventually in the > Informational RFC that results, > b) in a separate Standards track draft/RFC? > c) somewhere else? > > --Pekka Nikander > > -------------------------------------------------------------------- > To unsubscribe from this list, send email with "UNSUBSCRIBE" in the > body to . > Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html > -------------------------------------------------------------------- -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 13:11:17 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07196 for ; Tue, 3 Dec 2002 13:11:16 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB3IDiQ1016169; Tue, 3 Dec 2002 19:13:44 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDY5XHQ; Tue, 3 Dec 2002 19:13:44 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB3IDh211837; Tue, 3 Dec 2002 19:13:43 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id TAA17532; Tue, 3 Dec 2002 19:13:20 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from TNEXVS01.tahoenetworks.com (nat-63-99-114-2.tahoenetworks.com [63.99.114.2]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id TAA17528 for ; Tue, 3 Dec 2002 19:13:18 +0100 (MET) Received: from TNEXVS02.tahoenetworks.com ([10.10.1.132]) by TNEXVS01.tahoenetworks.com with Microsoft SMTPSVC(5.0.2195.2966); Tue, 3 Dec 2002 10:13:17 -0800 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Should SEND deal with Remote ND DoS attack ? x-mimeole: Produced By Microsoft Exchange V6.0.6249.0 Date: Tue, 3 Dec 2002 10:13:15 -0800 Message-ID: <416B5AF360DED54088DAD3CA8BFBEA6E0134A34D@TNEXVS02.tahoenetworks.com> Thread-Topic: Should SEND deal with Remote ND DoS attack ? Thread-Index: AcKaeOFZsEZYTJqxQlCQJgRyegZcQgAffJKA From: "Mohan Parthasarathy" To: , "Alper E. YEGIN" Cc: "Pekka Nikander" , X-OriginalArrivalTime: 03 Dec 2002 18:13:17.0029 (UTC) FILETIME=[A710C950:01C29AF7] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by prdxweb.sw.ericsson.se id TAA17529 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 8bit > > > (unless it's being abused by an application attempting > > to send packets to arbitrary on-link destinations) > > Bingo. And in many cases I suspect it's very easy to trigger > that sort of thing. > I am not sure whether there is an easy fix to this problem or not without affecting the normal behavior. Are you saying that SEND should care about this or not ? -mohan > - Bill > -------------------------------------------------------------------- > To unsubscribe from this list, send email with "UNSUBSCRIBE" > in the body to . > Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html > -------------------------------------------------------------------- > -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 14:48:54 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13068 for ; Tue, 3 Dec 2002 14:48:54 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB3JpCQ1022621; Tue, 3 Dec 2002 20:51:12 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YFXDBPF4; Tue, 3 Dec 2002 20:51:12 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB3JpB214250; Tue, 3 Dec 2002 20:51:11 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id UAA00947; Tue, 3 Dec 2002 20:50:55 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id UAA00943 for ; Tue, 3 Dec 2002 20:50:53 +0100 (MET) Received: from eastmail2bur.East.Sun.COM ([129.148.13.40]) by nwkea-mail-2.sun.com (8.9.3+Sun/8.9.3) with ESMTP id LAA15515; Tue, 3 Dec 2002 11:50:41 -0800 (PST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB3Jofig018950; Tue, 3 Dec 2002 14:50:41 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB3JoeMf028887; Tue, 3 Dec 2002 14:50:40 -0500 (EST) Message-Id: <200212031950.gB3JoeMf028887@thunk.east.sun.com> From: Bill Sommerfeld To: Pars Mutaf cc: sommerfeld@east.sun.com, "Alper E. YEGIN" , Pekka Nikander , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: Your message of "Tue, 03 Dec 2002 17:10:04 +0100." <3DECD75C.4662C525@inrialpes.fr> Reply-to: sommerfeld@east.sun.com Date: Tue, 03 Dec 2002 14:50:40 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk > There is no engineering solution that worked well for SYN-flooding. This is quite simply false. For a line-rate SYN flood, you just need to be able to "absorb" a bit over a delay-bandwidth product or so of outstanding syn's so the good connections can ACK the SYN/ACK while the duds just age out. see (among other places): http://people.freebsd.org/~jlemon/papers/syncache.pdf (as the paper cites, similar work was done earlier on BSDI and NetBSD; something similar is also in solaris). In the case of the "remote ND DoS" attack, the "delay" part is the delay across the local link, which in many cases of interest to this WG will be relatively small. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 20:36:18 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA29020 for ; Tue, 3 Dec 2002 20:36:17 -0500 (EST) Received: from esealnt612.al.sw.ericsson.se (esealnt612.al.sw.ericsson.se [153.88.254.71]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB41cfKV007800; Wed, 4 Dec 2002 02:38:41 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt612.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCS8R4R; Wed, 4 Dec 2002 02:38:41 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB41ceZ00036; Wed, 4 Dec 2002 02:38:40 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id CAA17246; Wed, 4 Dec 2002 02:38:10 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from fridge.docomolabs-usa.com (key1.docomolabs-usa.com [216.98.102.225]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id CAA17242 for ; Wed, 4 Dec 2002 02:38:08 +0100 (MET) Message-ID: <003d01c29b35$920135c0$506015ac@AlperVAIO> From: "Alper E. YEGIN" To: "Pekka Nikander" , Cc: References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> Subject: Re: Should SEND deal with Remote ND DoS attack ? Date: Tue, 3 Dec 2002 17:35:57 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit just one comment: > I added the following pieces of text to the draft: > > In a way, this problem is fairly similar to the TCP SYN flooding > problem. Rate limitating Neighbor Solicitations, restricting the > amount of state reserved for unresolved soliciations, and clever > cache management should be applied. do we really want to get into solution space in this document? I guess not. alper -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 3 20:42:39 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA29151 for ; Tue, 3 Dec 2002 20:42:38 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB41j8KV008350; Wed, 4 Dec 2002 02:45:08 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCN652T; Wed, 4 Dec 2002 02:45:08 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB41j7Z00194; Wed, 4 Dec 2002 02:45:07 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id CAA17466; Wed, 4 Dec 2002 02:44:51 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from fridge.docomolabs-usa.com (key1.docomolabs-usa.com [216.98.102.225]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id CAA17462 for ; Wed, 4 Dec 2002 02:44:50 +0100 (MET) Message-ID: <003e01c29b36$8212e1d0$506015ac@AlperVAIO> From: "Alper E. YEGIN" To: Cc: , "Pekka Nikander" , References: <200212030304.gB334dMf021623@thunk.east.sun.com> Subject: Re: Should SEND deal with Remote ND DoS attack ? Date: Tue, 3 Dec 2002 17:43:11 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit > > (unless it's being abused by an application attempting > > to send packets to arbitrary on-link destinations) > > Bingo. And in many cases I suspect it's very easy to trigger that > sort of thing. Actually, to go one step further, I think we can see two different attacks here. The malicious application might be running on the victim host. For each different on-link destination this app attempts to send a packet to, associated state is created in the neighbor cache, hence a way to deplete resources. (well, there are other resources this malicious app can suck up too). The other is, there might be a malicious host on the same link, and sending, say ping packets, with random on-link source addresses. Again, each corresponding icmp echo replies will create a neighbor cache entry on the victim host. This type of threat is not available to off-link attackers since ingress filtering routers won't let their packet come in. alper -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 03:30:41 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA02184 for ; Wed, 4 Dec 2002 03:30:41 -0500 (EST) Received: from esealnt612.al.sw.ericsson.se (esealnt612.al.sw.ericsson.se [153.88.254.71]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB48X9Q1022683; Wed, 4 Dec 2002 09:33:09 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt612.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCS0L38; Wed, 4 Dec 2002 09:33:09 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB48X7Z09121; Wed, 4 Dec 2002 09:33:08 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id JAA29134; Wed, 4 Dec 2002 09:32:26 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id JAA29130 for ; Wed, 4 Dec 2002 09:32:25 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id 5E3831C; Wed, 4 Dec 2002 10:39:26 +0200 (EET) Message-ID: <3DEDBD9B.3030400@nomadiclab.com> Date: Wed, 04 Dec 2002 10:32:27 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021127 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Alper E. YEGIN" Cc: sommerfeld@east.sun.com, ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> <003d01c29b35$920135c0$506015ac@AlperVAIO> In-Reply-To: <003d01c29b35$920135c0$506015ac@AlperVAIO> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Alper E. YEGIN wrote: > just one comment: > > >>I added the following pieces of text to the draft: >> >> In a way, this problem is fairly similar to the TCP SYN flooding >> problem. Rate limitating Neighbor Solicitations, restricting the >> amount of state reserved for unresolved soliciations, and clever >> cache management should be applied. > > > do we really want to get into solution space in this document? > I guess not. Well, in Section 1 it is stated: This document occasionally discusses solution proposals, such as CGA [CGA] and ABK [ABK]. However, the discussion is solely for illustrative purposes. It is meant to give the readers a more concrete idea of some possible solutions. It does NOT indicate any preference on solutions on the behalf of the authors or the working group. Thus, I think it is safe to include such a vague solution proposal, isn't it? Well, I changed the wording to be more suggestive: "should be" -> "may be" --Pekka -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 03:45:11 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA02491 for ; Wed, 4 Dec 2002 03:45:09 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB48lTKV005675; Wed, 4 Dec 2002 09:47:29 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDY89Y1; Wed, 4 Dec 2002 09:47:29 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB48lS201417; Wed, 4 Dec 2002 09:47:28 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id JAA01074; Wed, 4 Dec 2002 09:47:17 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id JAA01070 for ; Wed, 4 Dec 2002 09:47:16 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id D061B1C; Wed, 4 Dec 2002 10:54:17 +0200 (EET) Message-ID: <3DEDC116.1090902@nomadiclab.com> Date: Wed, 04 Dec 2002 10:47:18 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021127 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pars Mutaf Cc: sommerfeld@east.sun.com, "Alper E. YEGIN" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> <3DECE3FC.343470C0@inrialpes.fr> In-Reply-To: <3DECE3FC.343470C0@inrialpes.fr> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit > Pekka Nikander wrote: >>I added the following pieces of text to the draft: >> >> In a way, this problem is fairly similar to the TCP SYN flooding >> problem. Rate limitating Neighbor Solicitations, restricting the >> amount of state reserved for unresolved soliciations, and clever >> cache management should be applied. Pars Mutaf wrote: > IMVHO, the above text is misleading. The result of rate limiting > Neighbor Solicitations would be buffer overflow or session setup > delays. Restricting the amount of state reserved would result in > denial-of-service to new legitimate correspondent nodes. So, I don't > see how the above text will solve the problem. Well, if you don't do anything for a DoS attack, you are in trouble, too. Besides, IP is a stateless protocol. Thus, if your router can't deliver some packet due to ND failing under a DoS attack, you can always try again. Do you have some better suggestion in mind? Remember, the solutions proposal text in this document is only suggestive, not normative. --Pekka Nikander -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 05:33:49 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA05331 for ; Wed, 4 Dec 2002 05:33:48 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4AaHKV015239; Wed, 4 Dec 2002 11:36:17 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCN0ADK; Wed, 4 Dec 2002 11:36:17 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4AaH216436; Wed, 4 Dec 2002 11:36:17 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id LAA15845; Wed, 4 Dec 2002 11:35:59 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from ebene.inrialpes.fr (ebene.inrialpes.fr [194.199.18.70]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id LAA15841 for ; Wed, 4 Dec 2002 11:35:57 +0100 (MET) Received: from inrialpes.fr (lalena.inrialpes.fr [194.199.24.114]) by ebene.inrialpes.fr (8.11.6/8.11.6) with ESMTP id gB4AZjM02292; Wed, 4 Dec 2002 11:35:45 +0100 (MET) Message-ID: <3DEDDD42.FF370F0C@inrialpes.fr> Date: Wed, 04 Dec 2002 11:47:30 +0100 From: Pars Mutaf X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Pekka Nikander CC: sommerfeld@east.sun.com, "Alper E. YEGIN" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> <3DECE3FC.343470C0@inrialpes.fr> <3DEDC116.1090902@nomadiclab.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Pekka Nikander wrote: > > Pekka Nikander wrote: > >>I added the following pieces of text to the draft: > >> > >> In a way, this problem is fairly similar to the TCP SYN flooding > >> problem. Rate limitating Neighbor Solicitations, restricting the > >> amount of state reserved for unresolved soliciations, and clever > >> cache management should be applied. > > Pars Mutaf wrote: > > IMVHO, the above text is misleading. The result of rate limiting > > Neighbor Solicitations would be buffer overflow or session setup > > delays. Restricting the amount of state reserved would result in > > denial-of-service to new legitimate correspondent nodes. So, I don't > > see how the above text will solve the problem. > > Well, if you don't do anything for a DoS attack, you are in trouble, > too. Besides, IP is a stateless protocol. Thus, if your router > can't deliver some packet due to ND failing under a DoS attack, > you can always try again. > I think it depends on the rate of Neighbor Solicitations and the attacker's flooding capacity. If there are 10000 malicious packets waiting in the queue and served at a limited rate, then the subnet will be temporarily disconnected. You can limit the queue size of course, but the attacker can easily fill it up in this case. But, having no better solution in mind :-) I would only suggest to reconsider the SYN-flooding comparison (really different protocol and different attack) and may be considering the possible side effects of the proposed solutions. The above text gives the impression that the defense is trivial, which would be misleading IMHO. Thanks, pars > > Do you have some better suggestion in mind? Remember, the solutions > proposal text in this document is only suggestive, not normative. > > --Pekka Nikander -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 06:05:49 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA05963 for ; Wed, 4 Dec 2002 06:05:48 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4B80Q1009235; Wed, 4 Dec 2002 12:08:00 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDY0K57; Wed, 4 Dec 2002 12:07:59 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4B7x217281; Wed, 4 Dec 2002 12:07:59 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id MAA20198; Wed, 4 Dec 2002 12:07:37 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id MAA20194 for ; Wed, 4 Dec 2002 12:07:35 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id AAC0D1C; Wed, 4 Dec 2002 13:14:36 +0200 (EET) Message-ID: <3DEDE1F6.8020906@nomadiclab.com> Date: Wed, 04 Dec 2002 13:07:34 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021203 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pars Mutaf Cc: sommerfeld@east.sun.com, "Alper E. YEGIN" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> <3DECE3FC.343470C0@inrialpes.fr> <3DEDC116.1090902@nomadiclab.com> <3DEDDD42.FF370F0C@inrialpes.fr> In-Reply-To: <3DEDDD42.FF370F0C@inrialpes.fr> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Pars Mutaf wrote: > But, having no better solution in mind :-) I would only suggest > to reconsider the SYN-flooding comparison (really different protocol > and different attack) and may be considering the possible side > effects of the proposed solutions. > > The above text gives the impression that the defense is trivial, which > would be misleading IMHO. Personally I have difficulties understanding your position. However, I want to be here very open minded and listen carefully. Would you please tell us why, exactly, do you think that this is so different from TCP SYN-flooding situation? In both cases someone needs to preserve resources for handling a packet that comes from an unknown source. Same kind of solutions, engineering or cookie-like, probably apply. Your model of queuing up requests is sure to lead to a bad situation. However, what I tried to suggest in the draft was a combination of rate limitation, limited memory space, and clever cache/queue management. That is, you drop packets that require ND already when they arrive at router (most routers do that already now?), and if you wait-for-NA memory is already full, use some probabilistic algorithm to either drop something from that memory or don't send the NS at all. You still have some probability for the good packets to succeed. Remember that it is a rather rare situation that you have a non-communicating host on a link, and you suddenly receive a packet destined to that host. It is much more usual that the host becomes active itself, or that a packet arriving from outside is destined to a host that is already active. If we think about a typical situation where the local link is much faster than the remote link, e.g., 100 Mbs Ethernet vs. 2 Mbps DSL, you can get maybe something like 50 000 packets per second from the remote link. If we think that each of these causes ND, and the typical RTT over the local link is at max 10ms, you need a buffer for 500 (or maybe 1000) outstanding ND requests. That is much, but maybe not too much. If you rate limit your ND requests to 1000 per second, much smaller memory (just 20 outstanding requests) is enough, but it will take much longer for a new host in the network to gain connectivity. Sigh, the more I write the more details come to my mind, and I wouldn't like to go into very details in an e-mail. Maybe somebody could write a brief drafty draft about this? I'd like to hear the opinion of the other WG members on this. Comments, please! --Pekka Nikander -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 07:17:08 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA07284 for ; Wed, 4 Dec 2002 07:17:08 -0500 (EST) Received: from esealnt612.al.sw.ericsson.se (esealnt612.al.sw.ericsson.se [153.88.254.71]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4CJVQ1029626; Wed, 4 Dec 2002 13:19:31 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt612.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YBCTB4BJ; Wed, 4 Dec 2002 13:19:31 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4CJUZ26728; Wed, 4 Dec 2002 13:19:30 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id NAA00118; Wed, 4 Dec 2002 13:18:54 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n97.nomadiclab.com (teldanex.hiit.fi [212.68.5.99]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id NAA00113 for ; Wed, 4 Dec 2002 13:18:53 +0100 (MET) Received: from nomadiclab.com (n100.nomadiclab.com [131.160.193.100]) by n97.nomadiclab.com (Postfix) with ESMTP id D5A2F1C; Wed, 4 Dec 2002 14:25:54 +0200 (EET) Message-ID: <3DEDF2AB.3010204@nomadiclab.com> Date: Wed, 04 Dec 2002 14:18:51 +0200 From: Pekka Nikander User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.3a) Gecko/20021203 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pars Mutaf , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? References: <200212030304.gB334dMf021623@thunk.east.sun.com> <3DEC61BB.4050300@nomadiclab.com> <3DECE3FC.343470C0@inrialpes.fr> <3DEDC116.1090902@nomadiclab.com> <3DEDDD42.FF370F0C@inrialpes.fr> <3DEDE1F6.8020906@nomadiclab.com> <3DEDF085.88F09312@inrialpes.fr> In-Reply-To: <3DEDF085.88F09312@inrialpes.fr> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Pars Mutaf wrote: > so I wanted to make sure that I understand correctly. For example > I don't understand how a cookie can apply to this attack > without changing the correspondent node implementation etc. > > I thought that the attack was different from SYN-flooding because > you can't solve it using cookies for example. Well, SEND is all about *changing* ND to make it more secure. I could easily imagine a situation where a router includes a cookie in an NS message, and expects the host to include the same cookie in its NA response. In that way we could avoid creating state in the router when it receives a packet from the outside and needs to perform ND. But I'm not a particular fan of that solution. IMHO, traditional engineering seems to be a better solution here. But, as I said, I am listening, or at least trying to. Actually, Pars, I would encourage you to write a personal draft about the various ways you think this problem could be solved. Or even just to specify the problem more clearly, and try to quantify it with a number of scenario examples, e.g. a busy server LAN a la Google, a root DNS server LAN, a home network with DSL/Cable connection, etc. That would help us to better understand the scale of the problem. --Pekka Nikander -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 12:22:51 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA23344 for ; Wed, 4 Dec 2002 12:22:50 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4HPGQ1011252; Wed, 4 Dec 2002 18:25:16 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZCHZY; Wed, 4 Dec 2002 18:25:16 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4HPFZ23327; Wed, 4 Dec 2002 18:25:15 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id SAA12678; Wed, 4 Dec 2002 18:24:50 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from leonis.nus.edu.sg (leonis.nus.edu.sg [137.132.1.18]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id SAA12674 for ; Wed, 4 Dec 2002 18:24:48 +0100 (MET) Received: from straylight ([137.132.31.159]) by leonis.nus.edu.sg (8.12.1/8.12.1) with ESMTP id gB4HQB5M022796 for ; Thu, 5 Dec 2002 01:26:12 +0800 (SGT) Received: by straylight (Postfix, from userid 1000) id 95376B0669; Thu, 5 Dec 2002 01:24:43 +0800 (SGT) Date: Thu, 5 Dec 2002 01:24:43 +0800 To: ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? Message-ID: <20021204172443.GA1519@icr.a-star.edu.sg> Mail-Followup-To: parijat@icr.a-star.edu.sg, ietf-send@standards.ericsson.net References: <200212030304.gB334dMf021623@thunk.east.sun.com> <003e01c29b36$8212e1d0$506015ac@AlperVAIO> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <003e01c29b36$8212e1d0$506015ac@AlperVAIO> User-Agent: Mutt/1.4i From: parijat@icr.a-star.edu.sg (Parijat) Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk On Tue, Dec 03, 2002 at 05:43:11PM -0800, Alper E. YEGIN wrote: > The malicious application might be running on the victim host. > For each different on-link destination this app attempts to > send a packet to, associated state is created in the neighbor > cache, hence a way to deplete resources. (well, there are other > resources this malicious app can suck up too). ---end quoted text--- Does it have to be a mailicous application? I can't think of any, but are there (genuine) applications using protocols that would try to connect to any host whose IP(v6) address they received, say in the payload of a message? Hope nonesuch were blesses by IETF ;-) -- Sincerely, Parijat Mishra R & D Engineer, Institute for Communications Research Tel: (65)68709353 -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 12:27:11 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA23740 for ; Wed, 4 Dec 2002 12:27:10 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4HTgQ1011691; Wed, 4 Dec 2002 18:29:42 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YFXD28TW; Wed, 4 Dec 2002 18:29:42 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4HTg216337; Wed, 4 Dec 2002 18:29:42 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id SAA12872; Wed, 4 Dec 2002 18:29:32 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from nwkea-mail-1.sun.com (nwkea-mail-1.sun.com [192.18.42.13]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id SAA12868 for ; Wed, 4 Dec 2002 18:29:31 +0100 (MET) Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by nwkea-mail-1.sun.com (8.9.3+Sun/8.9.3) with ESMTP id JAA26362; Wed, 4 Dec 2002 09:29:26 -0800 (PST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB4HTQ9x020180; Wed, 4 Dec 2002 12:29:26 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB4HTPMf010996; Wed, 4 Dec 2002 12:29:25 -0500 (EST) Message-Id: <200212041729.gB4HTPMf010996@thunk.east.sun.com> From: Bill Sommerfeld To: "Alper E. YEGIN" cc: sommerfeld@east.sun.com, "Pekka Nikander" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: Your message of "Tue, 03 Dec 2002 17:43:11 PST." <003e01c29b36$8212e1d0$506015ac@AlperVAIO> Reply-to: sommerfeld@east.sun.com Date: Wed, 04 Dec 2002 12:29:25 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk > This type of threat is not available to off-link attackers since > ingress filtering routers won't let their packet come in. I think you're being overly optimistic. Large fractions of the ipv4 internet do not do ingress filtering. It's not clear whether v6 routers do ingress filtering in their default out-of-box config (and I rather suspect that they won't) I predict that large fractions of the v6 network will not do ingress filtering and thus it is conservative/defensive to assume it won't always be there. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 12:39:47 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24370 for ; Wed, 4 Dec 2002 12:39:46 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4HftKV013994; Wed, 4 Dec 2002 18:41:55 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZCK2X; Wed, 4 Dec 2002 18:41:55 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4HfsZ23661; Wed, 4 Dec 2002 18:41:54 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id SAA14677; Wed, 4 Dec 2002 18:41:40 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from leonis.nus.edu.sg (leonis.nus.edu.sg [137.132.1.18]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id SAA14672 for ; Wed, 4 Dec 2002 18:41:37 +0100 (MET) Received: from straylight ([137.132.31.159]) by leonis.nus.edu.sg (8.12.1/8.12.1) with ESMTP id gB4Hh25M023431 for ; Thu, 5 Dec 2002 01:43:02 +0800 (SGT) Received: by straylight (Postfix, from userid 1000) id BFC28B0669; Thu, 5 Dec 2002 01:41:34 +0800 (SGT) Date: Thu, 5 Dec 2002 01:41:34 +0800 To: ietf-send@standards.ericsson.net Subject: Re: New version of draft-ietf-send-psreq to be posted Message-ID: <20021204174134.GB1519@icr.a-star.edu.sg> Mail-Followup-To: parijat@icr.a-star.edu.sg, ietf-send@standards.ericsson.net References: <3DE610CB.3070600@nomadiclab.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i From: parijat@icr.a-star.edu.sg (Parijat) Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk On Thu, Nov 28, 2002 at 08:16:01PM +0200, Pekka Savola wrote: > 1) is there a need to clarify the stance wrt. the use of encryption > somehow? > I don't know if encryption is supposed to imply authentication here, but... Section 3.0: 1. A model where all authenticated nodes trust each other. I am confused as to what "authenticated" means. Perhaps this means that ND/RD packets are protected by AH? But that can't be, since SEND is about solving the bootstrapping problems wrt ND. I have not read [MAN-SA] yet. If this issue is addressed there, do ignore me. -- Sincerely, Parijat Mishra R & D Engineer, Institute for Communications Research Tel: (65)68709353 -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 13:08:44 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA25951 for ; Wed, 4 Dec 2002 13:08:44 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4IBDKV017647; Wed, 4 Dec 2002 19:11:13 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZC3DA; Wed, 4 Dec 2002 19:11:13 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4IBCZ24348; Wed, 4 Dec 2002 19:11:12 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id TAA18820; Wed, 4 Dec 2002 19:10:59 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from TNEXVS01.tahoenetworks.com (nat-63-99-114-2.tahoenetworks.com [63.99.114.2]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id TAA18813 for ; Wed, 4 Dec 2002 19:10:58 +0100 (MET) Received: from TNEXVS02.tahoenetworks.com ([10.10.1.132]) by TNEXVS01.tahoenetworks.com with Microsoft SMTPSVC(5.0.2195.2966); Wed, 4 Dec 2002 10:10:57 -0800 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Should SEND deal with Remote ND DoS attack ? x-mimeole: Produced By Microsoft Exchange V6.0.6249.0 Date: Wed, 4 Dec 2002 10:10:56 -0800 Message-ID: <416B5AF360DED54088DAD3CA8BFBEA6E0134A351@TNEXVS02.tahoenetworks.com> Thread-Topic: Should SEND deal with Remote ND DoS attack ? Thread-Index: AcKaoInQgFwW5GxLQledFpqboMKJ8ABHZ2nw From: "Mohan Parthasarathy" To: "Pekka Nikander" , Cc: "Alper E. YEGIN" , X-OriginalArrivalTime: 04 Dec 2002 18:10:57.0221 (UTC) FILETIME=[7E258750:01C29BC0] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by prdxweb.sw.ericsson.se id TAA18814 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 8bit > > > I added the following pieces of text to the draft: > > In a way, this problem is fairly similar to the TCP SYN flooding > problem. Rate limitating Neighbor Solicitations, restricting the > amount of state reserved for unresolved soliciations, and clever > cache management should be applied. > There are implementations that already implement a destination cache (includes off-link and on-link as described in rfc2461) which already has some techniques to limit such DoS attacks. So, extending this to neighbor cache should not be that difficult. I am assuming that the above text indicates that no other special solution will be developed by SEND WG and the above is sufficient. > It should be noted that both hosts and routers need to worry about > this problem. The router case was discussed above. > Hosts are also > vulnerable since the neighbor discovery process can potentially be > abused by an application that is tricked into sending packets to > arbitrary on-link destinations. > > Satisfied? > Sounds good to me. > ----- > > Now back to the process question: > > 1. Should SEND address this or should we kick this back to IPV6? > SEND. > 2. If SEND should address this, should it be addressed > a) in the psreq draft, and eventually in the > Informational RFC that results, This would be sufficient. > b) in a separate Standards track draft/RFC? > c) somewhere else? > > --Pekka Nikander > -mohan > > -------------------------------------------------------------------- > To unsubscribe from this list, send email with "UNSUBSCRIBE" > in the body to . > Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html > -------------------------------------------------------------------- > -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 13:28:44 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26964 for ; Wed, 4 Dec 2002 13:28:43 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4IVDKV020158; Wed, 4 Dec 2002 19:31:13 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZCQLG; Wed, 4 Dec 2002 19:31:13 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4IVC217644; Wed, 4 Dec 2002 19:31:12 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id TAA22405; Wed, 4 Dec 2002 19:30:56 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from pheriche.sun.com (pheriche.sun.com [192.18.98.34]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id TAA22395 for ; Wed, 4 Dec 2002 19:30:54 +0100 (MET) Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by pheriche.sun.com (8.9.3+Sun/8.9.3) with ESMTP id LAA05514; Wed, 4 Dec 2002 11:30:49 -0700 (MST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB4IUn9x003228; Wed, 4 Dec 2002 13:30:49 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB4IUmMf011487; Wed, 4 Dec 2002 13:30:48 -0500 (EST) Message-Id: <200212041830.gB4IUmMf011487@thunk.east.sun.com> From: Bill Sommerfeld To: parijat@icr.a-star.edu.sg (Parijat) cc: ietf-send@standards.ericsson.net Subject: Re: New version of draft-ietf-send-psreq to be posted In-Reply-To: Your message of "Thu, 05 Dec 2002 01:41:34 +0800." <20021204174134.GB1519@icr.a-star.edu.sg> Reply-to: sommerfeld@east.sun.com Date: Wed, 04 Dec 2002 13:30:48 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk > I am confused as to what "authenticated" means. Perhaps this means that > ND/RD packets are protected by AH? this hasn't been specified yet. > But that can't be, since SEND is about solving the bootstrapping > problems wrt ND. this doesn't actually follow; a public-key based self-authenticating AH may well be the solution. > I have not read [MAN-SA] yet. If this issue is addressed there, do > ignore me. this is a requirements document. it does not discuss mechanisms in detail. we plan to come up with some way to authenticate ND/RD packets but that won't be part of this document. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 13:51:16 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27959 for ; Wed, 4 Dec 2002 13:51:15 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4IrgKV022415; Wed, 4 Dec 2002 19:53:42 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZCST7; Wed, 4 Dec 2002 19:53:42 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4IrfZ25301; Wed, 4 Dec 2002 19:53:41 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id TAA24578; Wed, 4 Dec 2002 19:53:26 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from fridge.docomolabs-usa.com (key1.docomolabs-usa.com [216.98.102.225]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id TAA24573 for ; Wed, 4 Dec 2002 19:53:24 +0100 (MET) Message-ID: <016301c29bc6$1ef6b5f0$726015ac@T23KEMPF> From: "James Kempf" To: , "Alper E. YEGIN" Cc: , "Pekka Nikander" , References: <200212041729.gB4HTPMf010996@thunk.east.sun.com> Subject: Re: Should SEND deal with Remote ND DoS attack ? Date: Wed, 4 Dec 2002 10:51:14 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Bill, Actually, this is likely to change. The Feds (National CyperSecurity Task Force) are going to put a whole bunch of money into educating ISPs about security. Ingress filtering is on the top of the list of easy measures to make the Internet more secure. Of course, the ISPs might not choose to act, but if they don't the Feds may get a little more proactive about requiring it. If there are easy ways to do the design such that it will work with and without ingress filtering, then I don't see much problem with including them. On the other hand, I don't think we need to put in complex features to get around bad BCP. jak ----- Original Message ----- From: "Bill Sommerfeld" To: "Alper E. YEGIN" Cc: ; "Pekka Nikander" ; Sent: Wednesday, December 04, 2002 9:29 AM Subject: Re: Should SEND deal with Remote ND DoS attack ? > > This type of threat is not available to off-link attackers since > > ingress filtering routers won't let their packet come in. > > I think you're being overly optimistic. > > Large fractions of the ipv4 internet do not do ingress filtering. > > It's not clear whether v6 routers do ingress filtering in their > default out-of-box config (and I rather suspect that they won't) > > I predict that large fractions of the v6 network will not do ingress > filtering and thus it is conservative/defensive to assume it won't > always be there. > > - Bill > > > -------------------------------------------------------------------- > To unsubscribe from this list, send email with "UNSUBSCRIBE" in the > body to . > Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html > -------------------------------------------------------------------- > -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 14:28:17 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29732 for ; Wed, 4 Dec 2002 14:28:16 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4JUlQ1021510; Wed, 4 Dec 2002 20:30:47 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZCXA5; Wed, 4 Dec 2002 20:30:47 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4JUkZ26246; Wed, 4 Dec 2002 20:30:46 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id UAA00063; Wed, 4 Dec 2002 20:30:31 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from fridge.docomolabs-usa.com (key1.docomolabs-usa.com [216.98.102.225]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id UAA00017 for ; Wed, 4 Dec 2002 20:30:28 +0100 (MET) Message-ID: <00d301c29bcb$4edfc770$506015ac@AlperVAIO> From: "Alper E. YEGIN" To: Cc: , "Pekka Nikander" , References: <200212041729.gB4HTPMf010996@thunk.east.sun.com> Subject: Re: Should SEND deal with Remote ND DoS attack ? Date: Wed, 4 Dec 2002 11:27:50 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit > > This type of threat is not available to off-link attackers since > > ingress filtering routers won't let their packet come in. > > I think you're being overly optimistic. I should clarify: ingress filtering tool is available to network administrators to prevent this type of attacks. Whether they use it or not, is their problem. They should be aware of the risk of not using it. The final solution might be suggesting administrators to use the collection of SEND + ingress filtering + some_other_existing_mechanisms. If they fail to use the right ingredients, solution might fail. > > Large fractions of the ipv4 internet do not do ingress filtering. > > It's not clear whether v6 routers do ingress filtering in their > default out-of-box config (and I rather suspect that they won't) > > I predict that large fractions of the v6 network will not do ingress > filtering and thus it is conservative/defensive to assume it won't > always be there. I think mechanism/protocol re-use is a good thing, and we should advocate it as much as possible. At the end, SEND may require ingress filtering be turned on at the access routers. This requirement might be part of the solution if needed, imo. alper -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 15:23:20 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA02150 for ; Wed, 4 Dec 2002 15:23:19 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4KPmQ1025701; Wed, 4 Dec 2002 21:25:48 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZC859; Wed, 4 Dec 2002 21:25:48 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4KPl220161; Wed, 4 Dec 2002 21:25:47 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id VAA06055; Wed, 4 Dec 2002 21:25:34 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from netcore.fi (netcore.fi [193.94.160.1]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id VAA06051 for ; Wed, 4 Dec 2002 21:25:32 +0100 (MET) Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id gB4KPLD19563; Wed, 4 Dec 2002 22:25:22 +0200 Date: Wed, 4 Dec 2002 22:25:21 +0200 (EET) From: Pekka Savola To: "Alper E. YEGIN" cc: sommerfeld@east.sun.com, Pekka Nikander , Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: <00d301c29bcb$4edfc770$506015ac@AlperVAIO> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk On Wed, 4 Dec 2002, Alper E. YEGIN wrote: > > > This type of threat is not available to off-link attackers since > > > ingress filtering routers won't let their packet come in. > > > > I think you're being overly optimistic. > > I should clarify: ingress filtering tool is available to > network administrators to prevent this type of attacks. > Whether they use it or not, is their problem. They should > be aware of the risk of not using it. > > The final solution might be suggesting administrators > to use the collection of SEND + ingress filtering + > some_other_existing_mechanisms. If they fail to use > the right ingredients, solution might fail. I believe Alper meant 'egress filtering' here. (The terminology _is_ confusing, and I'm not sure even I got it 100% right.) That is, there are two types of source address filtering: a) site X configures a filter at its edge to prevent addresses of site X from coming from Internet to site X (often called egress filtering) b) ISP Y configures a filter at its edge to prevent addresses other than those of site Z (customer of ISP Y) from arriving from the direction of site Z. (often called ingress filtering) I think Bill may have been referring to b) by the more common terminology -- and we cannot assume b) will be used. But it may be perfectly OK to assume a) _is_ if it makes our life easier (often, it does) -- because that's _your network_ to configure, not everybody else's in the Internet. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 16:03:54 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03617 for ; Wed, 4 Dec 2002 16:03:54 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4L6SKV005607; Wed, 4 Dec 2002 22:06:28 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YFXDJWQD; Wed, 4 Dec 2002 22:06:28 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4L6RZ28418; Wed, 4 Dec 2002 22:06:27 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id WAA11384; Wed, 4 Dec 2002 22:06:08 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id WAA11379 for ; Wed, 4 Dec 2002 22:06:07 +0100 (MET) Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id OAA10114; Wed, 4 Dec 2002 14:06:01 -0700 (MST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB4L5x9x008434; Wed, 4 Dec 2002 16:05:59 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB4L5wMf013550; Wed, 4 Dec 2002 16:05:58 -0500 (EST) Message-Id: <200212042105.gB4L5wMf013550@thunk.east.sun.com> From: Bill Sommerfeld To: Pekka Savola cc: "Alper E. YEGIN" , sommerfeld@east.sun.com, Pekka Nikander , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: Your message of "Wed, 04 Dec 2002 22:25:21 +0200." Reply-to: sommerfeld@east.sun.com Date: Wed, 04 Dec 2002 16:05:58 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk let me reiterate my stance on the filtering issue: from a robustness point of view, it would be poor for a mobile host to assume that the network it's visiting is "appropriately" ingress/egress filtered. it may be filtered. it may not be. if at all possible our design should make minimal assumptions either way. - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Wed Dec 4 18:37:32 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10456 for ; Wed, 4 Dec 2002 18:37:32 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gB4Ne2KV020628; Thu, 5 Dec 2002 00:40:02 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YCDZDRCV; Thu, 5 Dec 2002 00:40:02 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gB4Ne0Z01910; Thu, 5 Dec 2002 00:40:00 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id AAA00338; Thu, 5 Dec 2002 00:39:38 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from kathmandu.sun.com (kathmandu.sun.com [192.18.98.36]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id AAA00334 for ; Thu, 5 Dec 2002 00:39:37 +0100 (MET) Received: from eastmail2bur.East.Sun.COM ([129.148.13.40]) by kathmandu.sun.com (8.9.3+Sun/8.9.3) with ESMTP id QAA13625; Wed, 4 Dec 2002 16:39:32 -0700 (MST) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2bur.East.Sun.COM (8.12.2+Sun/8.12.2/ENSMAIL,v2.2) with ESMTP id gB4NdVig006718; Wed, 4 Dec 2002 18:39:31 -0500 (EST) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.6+Sun/8.12.3) with ESMTP id gB4NdVMf014868; Wed, 4 Dec 2002 18:39:31 -0500 (EST) Message-Id: <200212042339.gB4NdVMf014868@thunk.east.sun.com> From: Bill Sommerfeld To: "James Kempf" cc: sommerfeld@east.sun.com, "Alper E. YEGIN" , "Pekka Nikander" , ietf-send@standards.ericsson.net Subject: Re: Should SEND deal with Remote ND DoS attack ? In-Reply-To: Your message of "Wed, 04 Dec 2002 10:51:14 PST." <016301c29bc6$1ef6b5f0$726015ac@T23KEMPF> Reply-to: sommerfeld@east.sun.com Date: Wed, 04 Dec 2002 18:39:31 -0500 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk > If there are easy ways to do the design such that it will work with > and without ingress filtering, then I don't see much problem with > including them. On the other hand, I don't think we need to put in > complex features to get around bad BCP. once again, a BCP for security is "don't assume that entities you don't control are doing the right thing." - Bill -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 9 20:33:51 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12609 for ; Mon, 9 Dec 2002 20:33:51 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBA1aQQ1003029; Tue, 10 Dec 2002 02:36:26 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YRSN8BC5; Tue, 10 Dec 2002 02:36:26 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBA1aP220909; Tue, 10 Dec 2002 02:36:25 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id CAA03024; Tue, 10 Dec 2002 02:35:49 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from aol.com (gd2-203136.gd.icnet.ne.jp [211.8.203.136]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id CAA03014; Tue, 10 Dec 2002 02:35:44 +0100 (MET) From: spankthedur@aol.com Received: from da001d2020.loxi.pianstvu.net ([7.206.120.92]) by smtp-server.tampabayr.com with SMTP; 09 Dec 2002 18:38:22 -0800 Received: from unknown (109.239.64.75) by sparc.zubilam.net with local; Mon, 09 Dec 2002 10:30:57 +0800 Received: from unknown (162.15.112.182) by mx.loxsystems.net with smtp; Mon, 09 Dec 2002 18:23:32 +0700 Reply-To: Message-ID: <016e87c03b5c$5721b2a2$0cb68ec8@bxlgnd> To: , Subject: Ready? Date: Mon, 09 Dec 2002 16:31:57 +0900 MiME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-Priority: 1 (High) X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Importance: Normal Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 8bit : ))).. think you relayed to my personal ad! Yes I do get a lot of responses but you got me curious I haven't done this in a while so please forgive my nervousness. And I hope your still around, (the good people always get taken fast) Anyway since I know a "little" about you :) (that was cute by the way), you should take a look at me so that you can decide if we match. I'm not sure exactly what ad you replied to, I have a couple, but I do have a detailed profile with a picture at http://www.hot.ee/vipsingles/ Chris Well...If you're not interested any more, that's ok too.... Have a great night. Bye....:) ChrisBrenda27 Member No. 7199FQDW2-928NfDb0593AEzy7-571Kgwl7349IKSK3-848Wcld7594czvL2-272l60 -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Tue Dec 10 14:41:39 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18882 for ; Tue, 10 Dec 2002 14:41:39 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBAJh9Q1016031; Tue, 10 Dec 2002 20:43:09 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id YRS31B24; Tue, 10 Dec 2002 20:43:09 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBAJh8Z15830; Tue, 10 Dec 2002 20:43:08 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id UAA17174; Tue, 10 Dec 2002 20:42:27 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from hollowmetalspecialists.com ([202.88.141.8]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id UAA17148; Tue, 10 Dec 2002 20:41:31 +0100 (MET) From: mike@hollowmetalspecialists.com Received: from [168.116.168.100] by asy100.as122.sol-superunderline.com with NNFMP; 10 Dec 2002 12:43:28 +0300 Received: from unknown (HELO n9.groups.huyahoo.com) (196.222.1.245) by mailout2-eri1.midmouth.com with SMTP; Tue, 10 Dec 2002 15:40:23 +0800 Received: from [36.135.72.151] by f64.law4.hottestmale.com with esmtp; Tue, 10 Dec 2002 23:37:18 +0600 Received: from [20.81.38.58] by da001d2020.loxi.pianstvu.net with QMQP; Wed, 11 Dec 2002 05:34:13 -1000 Reply-To: Message-ID: <013a45d65d1e$2565a3e8$8bc34cb2@xuwocl> To: , Subject: Is that you? Date: Tue, 10 Dec 2002 13:27:18 +0600 MiME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-Priority: 1 (High) X-MSMail-Priority: High X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 8bit Hi,.. Hi again I am so sorry for not replying sooner it seems that, one of my emails seemed to have gone astray, so I thought I would reply hoping that you would still remember who I am :)) If by some chance you have changed your email, I guess I would have lost an opportunity too. shame :( Anyway, I'm still willing and waiting here http://www.singlers.com/index_vip.html If you want to contact me through the site again you know where I am. Kisses Ali Member Registration http://www.singlers.com/index_vip.html 4172snnq0-765qRuO5691nKzV9-242fzAo4005hECw4-377VoZC7998GcDl4-0l58 3373mxSJ4-012elBl4227TEhp2-715SSwx5869Gasj4-720xliK2471hhJr9-296FiLX4560ysl70 -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 16 03:46:24 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29110 for ; Mon, 16 Dec 2002 03:46:23 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBG8mmAv008690; Mon, 16 Dec 2002 09:48:48 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id Y8JACXJ3; Mon, 16 Dec 2002 09:48:48 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBG8mlI07815; Mon, 16 Dec 2002 09:48:47 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id JAA22837; Mon, 16 Dec 2002 09:47:21 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from serwer.marx.pl (213-25-18-123.tvk.tpsa.pl [213.25.18.123]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id JAA22832 for ; Mon, 16 Dec 2002 09:47:20 +0100 (MET) Message-Id: <200212160847.JAA22832@prdxweb.sw.ericsson.se> Received: from 24.225.27.49 by serwer.marx.pl (MarX-X SMTPD); id s20021216094705.3463; Mon, 16 Dec 2002 09:47:06 X-Sender: mat1a@mojekonto.com From: "The Patterson's" To: ietf-send@standards.ericsson.net Date: Mon, 16 Dec 2002 02:46:57 -0600 Subject: business opportunity? MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 7bit Hi! I'd like more info on your business opportunity. I am using a friend's computer. You cannot email me. Please call Cindy at 920-685-5165. Thank you very much! -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 23 08:19:40 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA29474 for ; Mon, 23 Dec 2002 08:19:39 -0500 (EST) Received: from esealnt611.al.sw.ericsson.se (esealnt611.al.sw.ericsson.se [153.88.254.68]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBNDMLKV005197; Mon, 23 Dec 2002 14:22:21 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id ZGNJBZKF; Mon, 23 Dec 2002 14:22:21 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBNDMKI19154; Mon, 23 Dec 2002 14:22:20 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id OAA25711; Mon, 23 Dec 2002 14:21:47 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from hotmail.com (public1-amer1-4-cust253.watf.broadband.ntl.com [80.0.198.253]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id OAA25706; Mon, 23 Dec 2002 14:21:45 +0100 (MET) From: metalhead44@hotmail.com Received: from [64.4.221.59] by smtp-server.tampabayr.com with esmtp; Sun, 22 Dec 2002 11:24:46 +1200 Received: from unknown (42.187.203.82) by pet.vosni.net with asmtp; 22 Dec 2002 23:22:40 +0400 Received: from unknown (22.127.97.65) by anther.webhostingtotalk.com with asmtp; 23 Dec 2002 03:20:34 +0200 Received: from unknown (26.82.53.184) by smtp-server1.cflrr.com with smtp; Mon, 23 Dec 2002 05:18:28 +0800 Reply-To: Message-ID: <031d37b48d1e$6635d1a0$1da51ad4@qhtjwt> To: Nikki@standards.ericsson.net Subject: Nice one; Date: Mon, 23 Dec 2002 14:00:11 -0100 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00E3_52A78C5B.B0882E45" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Importance: Normal Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk ------=_NextPart_000_00E3_52A78C5B.B0882E45 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: base64 OiApKSkuLg0KDQpFLURhdGluZyBoYXMgZmluYWxseSBldm9sdmVkLi4NCg0K DQoqIENlbGwgbWVzc2FnZXMNCiogVGV4dCBNZXNzYWdlcw0KKiBFbWFpbA0K KiBQaG9uZQ0KKiBDaGF0DQoqIEluc3RhbnQgY29udGFjdA0KKiBWb2ljZSBt YWlsDQoqIEFkdmFuY2VkIHNlYXJjaA0KKiBGUkVFIFJlZ2lzdHJhdGlvbiAh DQoNCkNsaWNrIGhlcmUgTk9XICENCmh0dHA6Ly93d3cuc2luZ2xlcnMuY29t L2luZGV4X3ZpcC5odG1sDQoNCiJDaGF0dGVyYm94IiBUaGUgZmlyc3QgSW5z dGFudCBNZXNzYW5nZXINCmZvciBXaW5kb3dzIHRvIG1lZXQgYW5kIGNoYXQg d2l0aCB0aG91c2FuZHMNCm9mIGxpa2UtbWluZGVkIHNpbmdsZXMgZm9yIGEg ZGF0ZSBpbiB5b3VyIGFyZWENCg0KKiBTZWUgd2hvIHlvdXIgY2hhdHRpbmcg d2l0aA0KKiBGcmVlIHRvIHVzZSBhbmQgZG93bmxvYWQNCiogRmluZCBhIGRh dGUgYnkgY2l0eSBXb3JsZHdpZGUNCiogRGlyZWN0IENoYXQgYW5kIGNvbnRh Y3RzDQoqIEZpbmRzIHlvdXIgcGVyZmVjdCBwYXJ0bmVyDQoqIGFuZCBtdWNo LCBtdWNoIG1vcmUuLi4NCg0KQ2xpY2sgaGVyZSBOT1cgIQ0KaHR0cDovL3d3 dy5zaW5nbGVycy5jb20vaW5kZXhfdmlwLmh0bWwNCg0KDQoNCg0KMjA4MVd1 V1c3LTk1NXZ6b283MTM1emNPSDMtOTcwcmhoVDIwODZ0QVRuNy0zNTRRQkRv bDQ4IA0KDQoNCg== -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- ------=_NextPart_000_00E3_52A78C5B.B0882E45-- From jari.arkko@lmf.ericsson.se Mon Dec 23 10:01:33 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05565 for ; Mon, 23 Dec 2002 10:01:32 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBNF4DAv012584; Mon, 23 Dec 2002 16:04:13 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id ZGM8JAQ0; Mon, 23 Dec 2002 16:04:13 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBNF4C225100; Mon, 23 Dec 2002 16:04:13 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id QAA08503; Mon, 23 Dec 2002 16:03:53 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from hotmail.com ([200.72.130.18]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id QAA08476 for ; Mon, 23 Dec 2002 16:03:41 +0100 (MET) From: meydey@hotmail.com Received: from unknown (HELO mail.gimmixx.net) (213.90.76.128) by n9.groups.huyahoo.com with asmtp; Mon, 23 Dec 2002 01:06:31 +0700 Received: from [88.62.206.18] by rly-yk04.aolmd.com with esmtp; Mon, 23 Dec 2002 08:01:08 +1100 Received: from [42.221.107.140] by smtp-server.tampabayr.com with SMTP; 23 Dec 2002 18:55:45 -1100 Received: from [134.68.247.89] by rly-xr02.nikavo.net with NNFMP; 23 Dec 2002 07:50:22 +0400 Received: from unknown (35.123.110.25) by da001d2020.loxi.pianstvu.net with asmtp; 23 Dec 2002 11:44:59 +0300 Reply-To: Message-ID: <012d33b36c4b$7541e5d7$1de35bb5@qvhegw> To: Subject: Not sure Date: Mon, 23 Dec 2002 16:48:07 -0200 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00B1_04B51A4E.E1261A54" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 Importance: Normal Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk ------=_NextPart_000_00B1_04B51A4E.E1261A54 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: base64 SGkgIS4uDQoNCg0KUGxlYXNlLCBwbGVhc2Ugd3JpdGUgYWdhaW4sIGhvcGUg eW91IHN0aWxsIGhhdmUgbXkgZW1haWwsIHRvIG1ha2UgdGhpbmdzIHdvcnNl IEkgYW0gbm90DQogc3VyZSBhYm91dCB5b3VycyBlaXRoZXIsIGFueXdheSB5 b3UgY2FuIGFsd2F5cyBjYXRjaCBtZSBvbmh0dHA6Ly93d3cuc2luZ2xlcnMu Y29tL2luZGV4X3ZpcC5odG1sDQoNCkhvcGUgdG8gc2VlIHlvdSB2ZXJ5LCB2 ZXJ5IHNvb24uDQoNCktpc3NlcyBhbmQgbW9yZSA6KQ0KDQpEZWFseQ0KDQoN Cg0KNzE0MWxLWUkwLTI2M1VQSkc4ODU0akdPYjMtOTMycENLSjAzODBiZE9W OC0wOTNmcmFMOTIxMW9pbDU0IA0KDQoNCg== -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- ------=_NextPart_000_00B1_04B51A4E.E1261A54-- From jari.arkko@lmf.ericsson.se Tue Dec 24 08:06:50 2002 Received: from albatross.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA06874 for ; Tue, 24 Dec 2002 08:06:49 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBOD9KKV018216; Tue, 24 Dec 2002 14:09:20 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id ZGM8M90B; Tue, 24 Dec 2002 14:09:20 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBOD9K205188; Tue, 24 Dec 2002 14:09:20 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id OAA06767; Tue, 24 Dec 2002 14:08:46 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from wong (NK218-187-40-47.3-24.pl.apol.com.tw [218.187.40.47]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id OAA06755; Tue, 24 Dec 2002 14:08:39 +0100 (MET) Date: Tue, 24 Dec 2002 14:08:39 +0100 (MET) Received: from party by mail.sysnet.net.tw with SMTP id uwaKY5jB2mfxs4vfyBdIVyub; Tue, 24 Dec 2002 21:08:48 +0800 Message-ID: <2JeMuRO@tpts7.seed.net.tw> From: 稰褐@standards.ericsson.net To: 腀辨龟瞷 Cc: 1223-3N@standards.ericsson.net, 1223-4N@standards.ericsson.net Subject: =?big5?Q?=C4@=B1=E6=B9=EA=B2{?= MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_dF6dBoweI1yZQ8C" X-Mailer: 6euF7ja0IRXYhoyAWmED711 X-Priority: 3 X-MSMail-Priority: Normal Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_dF6dBoweI1yZQ8C Content-Type: multipart/alternative; boundary="----=_NextPart_dF6dBoweI1yZQ8CAA" ------=_NextPart_dF6dBoweI1yZQ8CAA Content-Type: text/html; charset="big5" Content-Transfer-Encoding: base64 PGh0bWw+DQoNCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50 PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9YmlnNSI+DQo8bWV0YSBuYW1lPSJHRU5FUkFUT1IiIGNvbnRl bnQ9Ik1pY3Jvc29mdCBGcm9udFBhZ2UgNC4wIj4NCjxtZXRhIG5hbWU9IlByb2dJZCIgY29udGVu dD0iRnJvbnRQYWdlLkVkaXRvci5Eb2N1bWVudCI+DQo8dGl0bGU+vdDFpafau6EmbmJzcDsmbmJz cDsgs1ynQabbpHakQK3Tpbyo0zwvdGl0bGU+DQo8L2hlYWQ+DQoNCjxib2R5Pg0KDQo8cD48Yj48 Zm9udCBjb2xvcj0iIzAwODAwMCIgZmFjZT0itdixZMTXstO2wiwgtdixZMTXssq26iIgc2l6ZT0i NiI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IA0KvdDFpafau6E8L2ZvbnQ+PGZvbnQgY29s b3I9IiM2NjMzY2MiPiZuYnNwOyA8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPiA8Zm9udCBm YWNlPSK12LFkxNey07bCIiBzaXplPSI1Ij6zXKdBptukdqRArdOlvKjTPC9mb250PjwvZm9udD48 L2I+PC9wPg0KPHA+PGZvbnQgc2l6ZT0iNCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7IA0Kt+2n2q3MqrqlQKzJpb+lSKSjpWmr5MSzqrqzdKvXp+/F3K7JoUa37afa rcyorcPkqrqoxqqrrPC1TaSjpkG89LF4PC9mb250PjwvcD4NCjxwPjxmb250IHNpemU9IjQiPq7J oUa37afarcytsbnvpbyo06FBpXWz0a/ttU2qurVMqr6uyaFGqK2ssLT5pHC1TKdVqrqlq6SrpHCl wa3MoUG406ZwpvM8L2ZvbnQ+PC9wPg0KPHA+PGZvbnQgc2l6ZT0iNCI+vdW+46bbpHahQa2rt3O+ QcCztN27xbVMsaGqurdzqsC3fKFIPC9mb250PjwvcD4NCjxwPjxmb250IHNpemU9IjQiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyANCqr4tMGpfrCqpKOkVaq6paK3frJ2oUHF /TwvZm9udD48YSBocmVmPSJodHRwOi8vd3d3LmVhZ2xlLWZseS5pZHYudHcvbW9ycmlzLnBocCIg dGFyZ2V0PSJfYmxhbmsiPjxmb250IHNpemU9IjUiIGNvbG9yPSIjMDAwMEZGIj48Yj6hdbW5p9qk QKX3pHWnQKFJoXY8L2I+PC9mb250PjwvYT48Zm9udCBzaXplPSI0Ij6mqKyws1ymaKWit36qzKq6 pkCmUKTfwW48L2ZvbnQ+PC9wPg0KPHA+PGZvbnQgc2l6ZT0iNCI+oUGm/ahzs7q91qazr+CkT7Sj qNGnQaR1p0C+97d8qU+hSKxPrEapsqFIrE+l+Ld+oUjB2axPp0Gm26R2oUg8L2ZvbnQ+PC9wPg0K PHA+PGZvbnQgc2l6ZT0iNCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IA0K rbG577xAxdykpKq6pUCsyaFBpKO9VKl3qrqlvKjToUGkV69asdqtzLCjpEapVKZ1reyms6q6sU23 frvisOyhQa5JPC9mb250PjwvcD4NCjxwPjxmb250IHNpemU9IjQiPq26ttS+xLt7r3WmYaR1p0Cl fqFBrE+nX6RduNO+Qa7JpmGp77BfwFmo06FBrN2s3aV+rMmqusXcpMahQbdRt1GkraZ+oUI8L2Zv bnQ+PC9wPg0KPHA+PGZvbnQgc2l6ZT0iNCI+pFGmfqzGqc6kR6RRoUKkVKRRpn6r4aq6p0GhQbjT uUy126Swu/K8y6q6pc2soaFIPC9mb250PjwvcD4NCjxwPjxmb250IHNpemU9IjQiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyANCqdBqrqlvKjToUGldaazp0Gm26R2r+Cz0LN5 oUGldaazptukdrPMqfql1aFBpl2muaFBu1Co5LWlq92nT6RIrEmxyzwvZm9udD48L3A+DQo8cD48 Zm9udCBzaXplPSI0Ij6kQKX3pHWnQKFBpKOmcKbbpHazXaprp+ym7a7JpU6qurzprHmhQbFqpMan Qaq6pHWnQKfer+ChQbPQs3mlWMTdqfM8L2ZvbnQ+PC9wPg0KPHA+PGZvbnQgY29sb3I9IiMwMDAw RkYiPjxiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZWFnbGUtZmx5Lmlkdi50dy9tb3JyaXMucGhwIiB0 YXJnZXQ9Il9ibGFuayI+PGZvbnQgc2l6ZT0iNSI+ptukdqq6pbyo0zwvZm9udD48Zm9udCBzaXpl PSI0Ij6hQzwvZm9udD48L2E+PC9iPjwvZm9udD48L3A+DQo8cD48c3BhbiBsYW5nPSJFTi1VUyI+ PGJyPg0KPGZvbnQgc2l6ZT0iNCI+pnCqR7F6qrqqQqTNpF2ms6ZQvMuqurdRqmsspF2nxrHmsXqx Tqa5sFSup8LgsUinaaq+Li7BwsHCISE8L2ZvbnQ+PC9zcGFuPjwvcD4NCjxwPqFAPC9wPg0KPHA+ oUA8L3A+DQoNCjwvYm9keT4NCg0KPC9odG1sPg== ------=_NextPart_dF6dBoweI1yZQ8CAA-- ------=_NextPart_dF6dBoweI1yZQ8C-- -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Thu Dec 26 20:43:28 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA19131 for ; Thu, 26 Dec 2002 20:43:28 -0500 (EST) Received: from esealnt613.al.sw.ericsson.se (esealnt613.al.sw.ericsson.se [153.88.254.72]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBR1k3Av012009; Fri, 27 Dec 2002 02:46:03 +0100 (MET) Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id ZQ1DTD40; Fri, 27 Dec 2002 02:46:03 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBR1k3215517; Fri, 27 Dec 2002 02:46:03 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id CAA25610; Fri, 27 Dec 2002 02:45:01 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from yahoo.com ([61.171.199.86]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with ESMTP id CAA25535 for ; Fri, 27 Dec 2002 02:44:59 +0100 (MET) Message-Id: <200212270144.CAA25535@prdxweb.sw.ericsson.se> From: =?GB2312?B?yc+6o7fj4/6+rbzDv6q3osf4?= Subject: =?GB2312?B?yc+6o7+qt6LH+NeisuG5q8u+s6TG2s/tyty087bussbV/r2xwPg=?= To: ietf-send@standards.ericsson.net Content-Type: text/plain;charset="GB2312" Date: Fri, 27 Dec 2002 09:41:08 +0800 X-Priority: 3 X-Mailer: Foxmail 4.1 [cn] Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk 开发区是上海金山区政府下属的经济实体,区政府对 注册、落户在开发区的企业有一系列优惠政策。详情 见http://www.fngjng.com -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Mon Dec 30 06:13:02 2002 Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.47]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA22042 for ; Mon, 30 Dec 2002 06:13:01 -0500 (EST) Received: from esealnt610.al.sw.ericsson.se (esealnt610.al.sw.ericsson.se [153.88.254.69]) by penguin.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with ESMTP id gBUBFVAv020966; Mon, 30 Dec 2002 12:15:31 +0100 (MET) Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id ZGM80TSZ; Mon, 30 Dec 2002 12:15:31 +0100 Received: from prdxweb.sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.10.0/8.10.0/extranet-1.1) with ESMTP id gBUBFUI07327; Mon, 30 Dec 2002 12:15:30 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) id MAA29897; Mon, 30 Dec 2002 12:14:39 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from n2now2682.com ([80.179.100.66]) by prdxweb.sw.ericsson.se (8.9.1/8.9.1/uc-1.0) with SMTP id MAA29890 for ; Mon, 30 Dec 2002 12:14:35 +0100 (MET) Message-Id: <200212301114.MAA29890@prdxweb.sw.ericsson.se> From: "MRS. MARYAM ABACHA" Reply-To: maryam42003@37.com To: ietf-send@standards.ericsson.net Date: Mon, 30 Dec 2002 12:11:40 +0100 Subject: PLEASE ASSIST ME !! X-Priority: 1 X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by prdxweb.sw.ericsson.se id MAA29893 Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk Content-Transfer-Encoding: 8bit 30TH DECEMBER, 2002 FROM: MRS. MARYAM ABACHA EMAIL: maryam2003@fastermail.com DEAR SIR, FIRSTLY, I MUST WISH YOU A HAPPY AND PROSPEROUS NEW YEAR IN ADVANCE. I AM MRS. MARYAM ABACHA, WIFE OF LATE GEN. SANNI ABACHA, EX-MILITARY HEAD OF STATE OF THE FEDERAL REPUBLIC OF NIGERIA WHO DIED ON THE 8TH OF JUNE 1998 OF HEART PROBLEMS. I CONTACTED YOU BECAUSE OF MY NEED TO DEAL WITH PERSONS WHOM MY FAMILY AND I HAVE HAD NO PREVIOUS PERSONAL RELATIONSHIPS. SINCE THE DEATH OF MY HUSBAND, MY FAMILY HAD BEEN SUBJECTED TO ALL SORTS OF HARASSMENT AND INTIMIDATION WITH LOTS OF NEGATIVE REPORTS EMANATING FROM THE GOVERNMENT AND THE PRESS ABOUT MY HUSBAND. THE PRESENT GOVERNMENT HAS ALSO ENSURED THAT OUR BANK ACCOUNTS ARE FROZEN AND ALL ASSETS SEIZED BOTH LOCAL AND INTERNATIONAL, BUT MY ONLY SOURCE OF HOPE NOW IS AN AVAILABLE US$30,000,000.00 CASH, (THIRTY MILLION DOLLARS) WHICH WAS SECRETLY DEPOSITED BY MY LATE HUSBAND AS PERSONAL EFFECTS IN A SECURITY COMPANY IN ASIA, UNKNOWN TO THE NIGERIAN GOVERNMENT. I HAVE BEEN UNDER HOUSE ARREST TOGETHER WITH MY SON SINCE FEBRUARY, 1999 AND THEREFORE CANNOT TRAVEL. PLEASE I AM SOLICITING YOUR ASSISTANCE FOR THE TRANSFER OF THIS MONEY FROM THE SECURITY COMPANY INTO YOUR PERSONAL ACCOUNT. I PROMISE TO COMPENSATE YOU WITH 20% 0F THE TOTAL SUM. FOR THE SAKE OF GOD, PLEASE DO NOT BETRAY AFTER RECEIVING THE MONEY. I WILL JOIN YOU IN YOUR COUNTRY AFTER OUR FINAL RELEASE BY THE FEDERAL GOVERNMENT. FOR THE EASE OF COMMUNICATION, PLEASE SEND ME YOUR PHONE AND FAX NUMBERS SO THAT MY LAWYER CAN SEND YOU ALL THE NECESSARY LEGAL DOCUMENTS THAT WILL BACK YOU UP FOR THE CLAIM. THANK YOU. YOURS SINCERELY, MRS. MARYAM ABACHA -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html --------------------------------------------------------------------