From gunther@4dvision.net Thu Jan 27 10:50:21 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA21057 for ; Thu, 27 Jan 2005 10:50:21 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CuCBj-0006oc-7s for send-archive@ietf.org; Thu, 27 Jan 2005 11:08:07 -0500 Received: from host160-78.pool8249.interbusiness.it ([82.49.78.160]) by mx2.foretec.com with smtp (Exim 4.24) id 1CuBuT-0006E4-Ff for send-archive@ietf.org; Thu, 27 Jan 2005 10:50:21 -0500 Message-ID: <286201c50486$9c9c6d5b$10c047aa@4dvision.net> From: "Jennifer A. Clark" To: send-archive@ietf.org Subject: =?iso-8859-1?B?UG9wdWxhciBzb2Z0IC0gd2hvbGVzYWxlIHByaWNl?= Date: Thu, 27 Jan 2005 15:42:32 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_E9BA1055.BD77E425" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Score: 1.0 (+) X-Scan-Signature: b7b9551d71acde901886cc48bfc088a6 This is a multi-part message in MIME format. ------=_NextPart_000_0000_E9BA1055.BD77E425 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_71E6AB0A.26E0FD3B" ------=_NextPart_001_0001_71E6AB0A.26E0FD3B Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Get access to all the popular software imaginable for prices substantially lower than in stores! We sell software 2-6 times cheaper than retail price. Examples: $70 Windows XP Professional (Including: Service Pack 2) $80 Microsoft Office 2003 Professional $90 Adobe Photoshop 8.0/CS (Including: ImageReady CS) $160 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX) $70 Adobe Acrobat 6.0 Professional Special Offers: $80 Windows XP Professional + Office XP Professional $140 Adobe Photoshop CS + Adobe Illustrator CS + Adobe InDesign CS $120 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10 All main products from Microsoft, Adobe, Macromedia, Corel, etc. And lots more... Go visit us at: http://oft.idgcfbcgfj.info/?xMzC3ix3L58eNR1zxc Regards, Jennifer Clark _____________________________________________________ To change your mail details, go here: http://www.softuniverse.biz/uns.htm _____________________________________________________ ------=_NextPart_001_0001_71E6AB0A.26E0FD3B Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit

Get all the popular software you ever imagined for less!
Our software is 2-10 times cheaper than sold by our competitors.

Examples:
$70 Windows XP Professional (Including: Service Pack 2)
$80 Microsoft Office 2003 Professional
$90 Adobe Photoshop 8.0/CS (Including: ImageReady CS)
$160 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX)
$70 Adobe Acrobat 6.0 Professional

Special Offers:
$80 Windows XP Professional + Office XP Professional
$140 Adobe Photoshop CS + Adobe Illustrator CS + Adobe InDesign CS
$120 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10

All main products from Microsoft, Adobe, Macromedia, Corel, etc.
And many more... Please visit us at:

http://oft.idgcfbcgfj.info/?xMzC3ix3L58eNR1zxc

Regards,
Jennifer A. Clark

_____________________________________________________
To change your mail details, go: http://www.softuniverse.biz/uns.htm
_____________________________________________________

------=_NextPart_001_0001_71E6AB0A.26E0FD3B-- ------=_NextPart_000_0000_E9BA1055.BD77E425-- From lewis@1commerce.com Thu Jan 27 12:10:41 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA00501 for ; Thu, 27 Jan 2005 12:10:41 -0500 (EST) Received: from 200-207-13-96.dsl.telesp.net.br ([200.207.13.96] helo=200.207.13.96) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1CuDRM-0000bA-9r for send-archive@ietf.org; Thu, 27 Jan 2005 12:28:28 -0500 Message-ID: From: "Jennifer A. Clark" To: send-archive@ietf.org Subject: =?iso-8859-1?B?QWRvYmUgUGhvdG9zaG9wIDguMCAtIHdob2xlc2FsZSBwcmljZQ==?= Date: Thu, 27 Jan 2005 21:52:21 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_F609D8A8.92877F5D" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Score: 9.6 (+++++++++) X-Spam-Flag: YES X-Scan-Signature: b7b9551d71acde901886cc48bfc088a6 This is a multi-part message in MIME format. ------=_NextPart_000_0000_F609D8A8.92877F5D Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_804DB535.1B2C870F" ------=_NextPart_001_0001_804DB535.1B2C870F Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Get access to all the software you ever imagined for unbelievably low prices! We sell software 2-6 times cheaper than retail price. Examples: $70 Windows XP Professional (Including: Service Pack 2) $80 Microsoft Office 2003 Professional $90 Adobe Photoshop 8.0/CS (Including: ImageReady CS) $160 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX) $70 Adobe Acrobat 6.0 Professional Special Offers: $80 Windows XP Professional + Office XP Professional $140 Adobe Photoshop CS + Adobe Illustrator CS + Adobe InDesign CS $120 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10 All main products from Microsoft, Adobe, Macromedia, Corel, etc. And many more... Visit us at: http://oft.idgcfbcgfj.info/?xMzC3ix3L58eNR1zxc Sincerely, Jennifer Clark _____________________________________________________ To be taken out, go here: http://www.softuniverse.biz/uns.htm _____________________________________________________ ------=_NextPart_001_0001_804DB535.1B2C870F Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit

Get access to all the popular software imaginable for bottom prices!
Our software is 2-10 times cheaper than sold by our competitors.

A few examples:
$70 Windows XP Professional (Including: Service Pack 2)
$80 Microsoft Office 2003 Professional
$90 Adobe Photoshop 8.0/CS (Including: ImageReady CS)
$160 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX)
$70 Adobe Acrobat 6.0 Professional

Special Offers:
$80 Windows XP Professional + Office XP Professional
$140 Adobe Photoshop CS + Adobe Illustrator CS + Adobe InDesign CS
$120 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10

All main products from Microsoft, Adobe, Macromedia, Corel, etc.
And many other... Please visit us at:

http://oft.idgcfbcgfj.info/?xMzC3ix3L58eNR1zxc

Sincerely,
Jennifer Clark

_____________________________________________________
To stop further mailings, go: http://www.softuniverse.biz/uns.htm
_____________________________________________________

------=_NextPart_001_0001_804DB535.1B2C870F-- ------=_NextPart_000_0000_F609D8A8.92877F5D-- From jari.arkko@lmf.ericsson.se Thu Jan 27 20:54:32 2005 Received: from albatross.ericsson.se (albatross.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA22631 for ; Thu, 27 Jan 2005 20:54:31 -0500 (EST) Received: from esealmw143.al.sw.ericsson.se ([153.88.254.118]) by albatross.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id j0S1sVvD003090 for ; Fri, 28 Jan 2005 02:54:32 +0100 (MET) Received: from esealnt611.al.sw.ericsson.se ([153.88.254.121]) by esealmw143.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.211); Fri, 28 Jan 2005 02:54:36 +0100 Received: from tjatte.sw.ericsson.se ([153.88.242.9]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id DT1Q67QZ; Fri, 28 Jan 2005 02:55:56 +0100 Received: from sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by tjatte.sw.ericsson.se (8.12.10/8.12.10) with ESMTP id j0S1sRXA007333; Fri, 28 Jan 2005 02:54:27 +0100 (MET) Received: from prdxweb.sw.ericsson.se (localhost [127.0.0.1]) by sw.ericsson.se (8.12.10/8.12.10/unixcenter-xnetx-1.0) with ESMTP id j0S1r6tQ005589; Fri, 28 Jan 2005 02:53:06 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.12.10/8.12.10/Submit) id j0S1r6ph005588; Fri, 28 Jan 2005 02:53:06 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from hestia.native6.com (www.native6.com [168.103.150.210]) by sw.ericsson.se (8.12.10/8.12.10/unixcenter-xnetx-1.0) with ESMTP id j0S1r4tQ005583 for ; Fri, 28 Jan 2005 02:53:05 +0100 (MET) Received: from JSN6LT (dhcp35-128.bell.kcls.org [198.104.35.128]) (authenticated bits=0) by hestia.native6.com (8.12.8/8.12.8) with ESMTP id j0S1qtBp026598; Thu, 27 Jan 2005 17:52:56 -0800 Message-Id: <200501280152.j0S1qtBp026598@hestia.native6.com> From: "John Spence, CCSI, CCNA, CISSP" To: Subject: Question about MLD messages, related to SEND-06, link-local multicast groups (like all-nodes), and host MLD signaling ... Date: Thu, 27 Jan 2005 17:52:56 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 Thread-Index: AcUDHjspYyjWGE4iQc2prtw3f3CFHwBqXjvQ Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk X-OriginalArrivalTime: 28 Jan 2005 01:54:36.0919 (UTC) FILETIME=[52405070:01C504DC] Content-Transfer-Encoding: 7bit I don't understand a few things as I read Section 9.1 of the 06 SEND Draft. I've provided the passage below, and added my comments at ">>" marks. I may be wrong about how MLD works - if so please enlighten me. Thank you. ------------- start --------------- 9.1 Threats to the Local Link Not Covered by SEND (stuff snipped out) Prior to participating in Neighbor Discovery and Duplicate Address Detection, nodes must subscribe to the link-scoped All-Nodes Multicast Group and the Solicited-Node Multicast Group for the address that they are claiming for their addresses; RFC 2461 [7]. >> I understand this to be correct. Subscribing to a multicast group requires that the nodes use MLD [19]. >> I don't understand this. I don't believe a node needs to use MLD to subscribe to these link-local multicast addresses. MLD is used to signal the DR for the link about what non link-local multicast messages a host wants to receive. For link-local multicast groups, I believe the node just starts listening for them - no MLD required. MLD contains no provision for security. An attacker could send an MLD Done message to unsubscribe a victim from the Solicited-Node Multicast address. >> I don't understand this. I don't believe a host would be listening for MLD Done messages - routers would be. If a host received an MLD Done message I don't believe it would stop listening for link-local multicast groups. >> I don't believe a router, upon receiving an MLD Done message for FF02::1, FF02::2, or solicited-node-multicast group would honor the message, and stop listening to those addresses either. However, the victim should be able to detect such an attack because the router sends a Multicast-Address-Specific Query to determine whether any listeners are still on the address, at which point the victim can respond to avoid being dropped from the group. This technique will work if the router on the link has not been compromised. Other attacks using MLD are possible, but they primarily lead to extraneous (but not overwhelming) traffic. --------- end ------------ ---------------------------------------------------- John Spence, CCSI, CCNA, CISSP Native6, Inc. IPv6 Training and Consulting jspence@native6.com www.native6.com ---------------------------------------------------- -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html -------------------------------------------------------------------- From jari.arkko@lmf.ericsson.se Sun Jan 30 20:09:15 2005 Received: from albatross.ericsson.se (albatross.ericsson.se [193.180.251.49]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA18869 for ; Sun, 30 Jan 2005 20:09:12 -0500 (EST) Received: from esealmw142.al.sw.ericsson.se ([153.88.254.119]) by albatross.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id j0V19EvD017361 for ; Mon, 31 Jan 2005 02:09:14 +0100 (MET) Received: from esealnt611.al.sw.ericsson.se ([153.88.254.121]) by esealmw142.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.211); Mon, 31 Jan 2005 02:09:24 +0100 Received: from fnatte.sw.ericsson.se ([153.88.242.8]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id DT1R1791; Mon, 31 Jan 2005 02:10:48 +0100 Received: from sw.ericsson.se (prdxweb.sw.ericsson.se [153.88.240.43]) by fnatte.sw.ericsson.se (8.12.10/8.12.10) with ESMTP id j0V193lq004617; Mon, 31 Jan 2005 02:09:04 +0100 (MET) Received: from prdxweb.sw.ericsson.se (localhost [127.0.0.1]) by sw.ericsson.se (8.12.10/8.12.10/unixcenter-xnetx-1.0) with ESMTP id j0V17dtQ002668; Mon, 31 Jan 2005 02:07:39 +0100 (MET) Received: (from ietfmdomo@localhost) by prdxweb.sw.ericsson.se (8.12.10/8.12.10/Submit) id j0V17dX6002667; Mon, 31 Jan 2005 02:07:39 +0100 (MET) X-Authentication-Warning: prdxweb.sw.ericsson.se: ietfmdomo set sender to owner-ietf-send@standards.ericsson.net using -f Received: from ALPHA9.ITS.MONASH.EDU.AU (alpha9.its.monash.edu.au [130.194.1.9]) by sw.ericsson.se (8.12.10/8.12.10/unixcenter-xnetx-1.0) with ESMTP id j0V17atQ002657 for ; Mon, 31 Jan 2005 02:07:37 +0100 (MET) Received: from localhost ([130.194.13.88]) by vaxh.its.monash.edu.au (PMDF V5.2-31 #39306) with ESMTP id <01LK91AT77T08Y5626@vaxh.its.monash.edu.au> for ietf-send@standards.ericsson.net; Mon, 31 Jan 2005 12:03:00 +1100 Received: from moe.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id B46D0AB543; Mon, 31 Jan 2005 12:02:59 +1100 (EST) Received: from [130.194.252.100] (brettpc.eng.monash.edu.au [130.194.252.100]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by moe.its.monash.edu.au (Postfix) with ESMTP id 6D74D4FB0D; Mon, 31 Jan 2005 12:02:59 +1100 (EST) Date: Mon, 31 Jan 2005 12:02:59 +1100 From: Brett Pentland Subject: Re: Question about MLD messages, related to SEND-06, link-local multicast groups (like all-nodes), and host MLD signaling ... In-reply-to: <200501280152.j0S1qtBp026598@hestia.native6.com> To: "John Spence, CCSI, CCNA, CISSP" Cc: ietf-send@standards.ericsson.net Message-id: <41FD83C3.50805@eng.monash.edu.au> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7BIT User-Agent: Mozilla Thunderbird 1.0 (X11/20041206) X-Accept-Language: en-us, en References: <200501280152.j0S1qtBp026598@hestia.native6.com> Sender: owner-ietf-send@standards.ericsson.net Precedence: bulk X-OriginalArrivalTime: 31 Jan 2005 01:09:24.0956 (UTC) FILETIME=[8108D9C0:01C50731] Content-Transfer-Encoding: 7BIT John Spence, CCSI, CCNA, CISSP wrote: > > I don't understand a few things as I read Section 9.1 of the 06 SEND Draft. > I've provided the passage below, and added my comments at ">>" marks. > > I may be wrong about how MLD works - if so please enlighten me. > > Thank you. > > ------------- start --------------- > > 9.1 Threats to the Local Link Not Covered by SEND > > (stuff snipped out) > > Prior to participating in Neighbor Discovery and Duplicate Address > Detection, nodes must subscribe to the link-scoped All-Nodes > Multicast Group and the Solicited-Node Multicast Group for the > address that they are claiming for their addresses; RFC 2461 [7]. > > >>>I understand this to be correct. > > > Subscribing to a multicast group requires that the nodes use MLD > [19]. > > >>>I don't understand this. I don't believe a node needs to use MLD > > to subscribe to these link-local multicast addresses. MLD is used to > signal the DR for the link about what non link-local multicast messages > a host wants to receive. For link-local multicast groups, I believe the > node just starts listening for them - no MLD required. > A node should use MLD for link-scope addresses in order to allow correct operation of MLD-snooping switches (I am not aware of any yet, but there are certainly IGMP-snooping switches for IPv4 - this is needed for efficient implementation of multicast rather than just broadcasting all multicast packets). There is an inconsistancy though. Both MLDv1 and MLDv2 state that MLD messages are *not* sent for the all-nodes link scope multicast group: MLDv1 (RFC2710), section 5: MLD messages ARE sent for multicast addresses whose scope is 2 (link-local), including Solicited-Node multicast addresses [ADDR- ARCH], except for the link-scope, all-nodes address (FF02::1). And MLDv2 (RFC3810), section 6: The link-scope all-nodes multicast address, (FF02::1), is handled as a special case. On all nodes -- that is all hosts and routers, including multicast routers -- listening to packets destined to the all-nodes multicast address, from all sources, is permanently enabled on all interfaces on which multicast listening is supported. No MLD messages are ever sent regarding neither the link-scope all-nodes multicast address, nor any multicast address of scope 0 (reserved) or 1 (node-local). > MLD contains no provision for security. An attacker could > send an MLD Done message to unsubscribe a victim from the > Solicited-Node Multicast address. > > >>>I don't understand this. I don't believe a host would be listening for > > MLD Done messages - routers would be. If a host received an MLD Done > message I don't believe it would stop listening for link-local multicast > groups. > I agree. And I don't think a router would care, since it's not forwarding link-scope messages anyway. An MLD-snooping switch might react to a done message but it would only stop delivering packets to the attacker (if it was delivering them in the first place). > >>>I don't believe a router, upon receiving an MLD Done message for FF02::1, > > FF02::2, or solicited-node-multicast group would honor the message, and stop > listening to those addresses either. > I don't think the document actually says that it would. > However, the victim should be able > to detect such an attack because the router sends a > Multicast-Address-Specific Query to determine whether any listeners > are still on the address, at which point the victim can respond to > avoid being dropped from the group. This technique will work if the > router on the link has not been compromised. Other attacks using MLD > are possible, but they primarily lead to extraneous (but not > overwhelming) traffic. > > --------- end ------------ Regards, Brett. -------------------------------------------------------------------- To unsubscribe from this list, send email with "UNSUBSCRIBE" in the body to . Archive: http://standards.ericsson.net/lists/ietf-send/maillist.html --------------------------------------------------------------------