Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02.

Published byAlaina Ball Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02."— Presentation transcript:

1 draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02 IETF84 – August 2012 1 Authors: Mohamed Boucadair, Joe Touch, Pierre Levis, Reinaldo Penno Presenter: Dan Wing

2 draft-ietf-intarea-nat-reveal-analysis – IETF84 Steps to Success 1.There is a engineering problem 2.Discuss solutions 3.Engineer the best solution 2

3 draft-ietf-intarea-nat-reveal-analysis – IETF84 Steps to Success 1.There is a engineering problem 2.Discuss solutions 3.Engineer the best solution 3

4 draft-ietf-intarea-nat-reveal-analysis – IETF84 1. There Is an Engineering Problem RFC6269, “Issues with IP Address Sharing” – draft-ietf-intarea-shared-addressing-issues – Section 13.1, Abuse Logging and Penalty Boxes 4

5 draft-ietf-intarea-nat-reveal-analysis – IETF84 RFC6269, Section 13.1... one user who fails a number of login attempts may block out other users who have not made any previous attempts but who will now fail on their first attempt.... 5

6 draft-ietf-intarea-nat-reveal-analysis – IETF84 IP Reputation 6 Image source: Jason Fesler, Yahoo!

7 draft-ietf-intarea-nat-reveal-analysis – IETF84 Captcha challenge 7

8 draft-ietf-intarea-nat-reveal-analysis – IETF84 Steps to Success 1.There is a engineering problem – Problem documented in RFC6269, Section 13.1 2.Discuss solutions 3.Engineer the best solution 8

9 draft-ietf-intarea-nat-reveal-analysis – IETF84 2. Discuss Solutions (1/2) Collect proposed solutions Analyze differences Recommend best solution Previous examples of solution discussions – “Recommendation for a Routing Architecture”, RFC6115, recommendation: ILNP – “Requirements and Analysis of Media Security Management Protocols”, RFC5479, recommendation: DTLS-SRTP 9

10 draft-ietf-intarea-nat-reveal-analysis – IETF84 2. Discuss Solutions (2/2) draft-ietf-intarea-nat-reveal-analysis 8 solutions analyzed: 1.IPID field 2.IP option 3.Port sets 4.ICMP 5.TCP option 6.PROXY protocol 7.Host Identity Protocol (HIP) 8.Inject Application Headers (e.g., X-Forwarded-For) 10

11 draft-ietf-intarea-nat-reveal-analysis – IETF84 Steps to Success 1.There is a engineering problem – Problem documented in RFC6269, Section 13.1 2.Discuss solutions – draft-ietf-intarea-nat-reveal-analysis 3.Engineer the best solution 11

12 draft-ietf-intarea-nat-reveal-analysis – IETF84 3. Engineer the best solution First need consensus on the best solution We aren’t yet ready 12

13 draft-ietf-intarea-nat-reveal-analysis – IETF84 Some Questions for the WG 1.Consensus on problem in RFC6269 §13.1? 2.“Just Deploy IPv6” – Does this avoid problem in RFC6269 §13.1? – Current trajectory is 50% IPv6 in 6 years 3.Are there more than 8 solutions? 4.Disagreement that ietf-intarea-nat-reveal- analysis should recommend a best solution 13

14 draft-ietf-intarea-nat-reveal-analysis – IETF84 Thank you draft-ietf-intarea-nat-reveal-analysis 14

Download ppt "Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02."

Similar presentations

NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.

NAT-PT Applicability Statement Design Team IETF #57, IETF V6OPS WG Vienna, Austria July 16, 2003.
Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.

Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.
Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.

Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.
Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.

Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.
Network Layer Packet Forwarding IS250 Spring 2010

Network Layer Packet Forwarding IS250 Spring 2010
Controls. Chapter 9: Identifying and Analyzing Risk Mitigation Controls.

Controls. Chapter 9: Identifying and Analyzing Risk Mitigation Controls.
Format for the Session Initiation Protocol (SIP) Common Log Format (CLF) draft-ietf-sipclf-format-01 (G. Salgueiro, V. Gurbani, and A. B. Roach) Presenter:

Format for the Session Initiation Protocol (SIP) Common Log Format (CLF) draft-ietf-sipclf-format-01 (G. Salgueiro, V. Gurbani, and A. B. Roach) Presenter:
SP Wi-Fi Services over Residential Architectures (draft-gundavelli-v6ops-community-wifi-svcs) IETF 84 - August, 2012 Authors: Sri Gundavelli(Cisco) Mark.

SP Wi-Fi Services over Residential Architectures (draft-gundavelli-v6ops-community-wifi-svcs) IETF 84 - August, 2012 Authors: Sri Gundavelli(Cisco) Mark.
IETF 80 th 1 Analysis of Solution Candidates to Reveal the Origin IP Address in Shared Address Deployments draft-boucadair-intarea-nat-reveal-analysis-01.

IETF 80 th 1 Analysis of Solution Candidates to Reveal the Origin IP Address in Shared Address Deployments draft-boucadair-intarea-nat-reveal-analysis-01.
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair
Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.

Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.
1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.
A Virtual Honeypot Framework Author: Niels Provos Published in: CITI Report 03-1 Presenter: Tao Li.

A Virtual Honeypot Framework Author: Niels Provos Published in: CITI Report 03-1 Presenter: Tao Li.
Draft-ietf-v6ops-scanning-implications-00 IPv6 Implications for Network Scanning Tim Chown University of Southampton (UK) IETF 66,

Draft-ietf-v6ops-scanning-implications-00 IPv6 Implications for Network Scanning Tim Chown University of Southampton (UK) IETF 66,
BEHAVE BOF (Behavior Engineering for Hindrance AVoidancE) Cullen Jennings Jiri Kuthan.

BEHAVE BOF (Behavior Engineering for Hindrance AVoidancE) Cullen Jennings Jiri Kuthan.
IETF – ECRIT Emergency Context Resolution using Internet Technologies ESW 5 – Vienna October 2008 Marc Linsner.

IETF – ECRIT Emergency Context Resolution using Internet Technologies ESW 5 – Vienna October 2008 Marc Linsner.
Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.
A VIRTUAL HONEYPOT FRAMEWORK Author : Niels Provos Publication: Usenix Security Symposium 2004. Presenter: Hiral Chhaya for CAP6103.

A VIRTUAL HONEYPOT FRAMEWORK Author : Niels Provos Publication: Usenix Security Symposium Presenter: Hiral Chhaya for CAP6103.
Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.

Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.
Dean Cheng Jouni Korhonen Mehamed Boucadair

Dean Cheng Jouni Korhonen Mehamed Boucadair

Similar presentations

Ads by Google