Mailinglist Archive: opensuse-factory (1578 mails)
| < Previous | Next > |
Re: [opensuse-factory] Re: 12.1 IPv6 addressing issue (solved)
- From: Lew Wolfgang <wolfgang@xxxxxxxxxxxxxxx>
- Date: Thu, 17 Nov 2011 12:05:01 -0800
- Message-id: <4EC568ED.1040307@sweet-haven.com>
On 11/17/2011 11:47 AM, Rüdiger Meier wrote:
(thanks for the complement! at least one of them is
following this thread)
As was relayed to me this morning, one of the issues with
private addressing is accountability. Take the example of
a security incident logged at a remote web site or honey pot
coming from a client within our domain. How can an organization
backtrack to their client's source IP if all the reporter has
are random addresses? This implies we'd have
to keep track of all random addys, that might change on a
daily basis, to correlate them with physical ones. Then,
what if we didn't receive the incident report until two-weeks
after it happened? How many random address do we keep?
I'm not saying it can't be done, but in this case someone
has to do it. If perfected, this v6 sweeper would give us
the best of both worlds, privacy on the Internet, with local
accountability if needed.
Regards,
Lew
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
So the problem is basically our network's, in particular the v6Nice!
> "sweeper", I think.
Sounds they are not really incompetent and trying hard to allow their
users the privacy comfort. You see that they have to do a "bit" more
than simply running "usual routers" with default config.
(thanks for the complement! at least one of them is
following this thread)
As was relayed to me this morning, one of the issues with
private addressing is accountability. Take the example of
a security incident logged at a remote web site or honey pot
coming from a client within our domain. How can an organization
backtrack to their client's source IP if all the reporter has
are random addresses? This implies we'd have
to keep track of all random addys, that might change on a
daily basis, to correlate them with physical ones. Then,
what if we didn't receive the incident report until two-weeks
after it happened? How many random address do we keep?
I'm not saying it can't be done, but in this case someone
has to do it. If perfected, this v6 sweeper would give us
the best of both worlds, privacy on the Internet, with local
accountability if needed.
Regards,
Lew
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
| < Previous | Next > |