Bugtraq: Re: IPv4 mapped address considered harmful

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: IPv4 mapped address considered harmful

From: Anthony DeRobertis <asd () suespammers org>
Date: 27 Aug 2002 01:48:51 -0400

      the key difference is that it may be possible to circumvent IPv4
      filters by using IPv4 mapped address (= IPv6 address like
      ::ffff:1.2.3.4).  the problem is in additional complexity due to
      the interaction between IPv4 packet and IPv6 API/packet.


I'll give you that there is some additional complexity, but I don't
think that addresses in ::ffff:0:0/96 should cause too much trouble,
because they were previously bogons. 

In general, when ever a new protocol is enabled on a network, firewalls,
IDSs, and other security devices need to be upgraded (or reconfigured)
to support it.

Maybe I'm missing something, but I don't see whats so different about
using mapped IPv4 addresses on the wire, especially since your bogon
filters should already be dropping any use.

Attachment: signature.asc
Description: This is a digitally signed message part

By Date By Thread

Current thread:

IPv4 mapped address considered harmful Jun-ichiro itojun Hagino (Aug 22)
- Re: IPv4 mapped address considered harmful Anthony DeRobertis (Aug 27)
  - Re: IPv4 mapped address considered harmful itojun (Aug 27)
    - Re: IPv4 mapped address considered harmful Anthony DeRobertis (Aug 27)
    - Re: IPv4 mapped address considered harmful itojun (Aug 27)
    - Re: IPv4 mapped address considered harmful Anthony DeRobertis (Aug 27)
    - Re: IPv4 mapped address considered harmful itojun (Aug 27)
    - Re: IPv4 mapped address considered harmful Anthony DeRobertis (Aug 27)
- Re: IPv4 mapped address considered harmful Peter J. Holzer (Aug 27)